Windows Analysis Report
soft 1.14.exe

Overview

General Information

Sample name: soft 1.14.exe
Analysis ID: 1581513
MD5: 9d28b3f2746f719fe82a21428f9265ae
SHA1: 3acd169f55124db5b2d46a95ffdd48d5a57e3c11
SHA256: 2b1545089a5a1be6fe2ce0fa399d982b4b7995a750a1ea0528695c7eed5f24d4
Tags: exe, MeduzaStealer, user-ventoy
Infos:

Detection

Meduza Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Meduza Stealer
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Self deletion via cmd or bat file
Sigma detected: Suspicious Ping/Del Command Combination
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • soft 1.14.exe (PID: 7528 cmdline: "C:\Users\user\Desktop\soft 1.14.exe" MD5: 9D28B3F2746F719FE82A21428F9265AE)
    • soft 1.14.exe (PID: 7544 cmdline: "C:\Users\user\Desktop\soft 1.14.exe" MD5: 9D28B3F2746F719FE82A21428F9265AE)
      • cmd.exe (PID: 7784 cmdline: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\soft 1.14.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • PING.EXE (PID: 7836 cmdline: ping 1.1.1.1 -n 1 -w 3000 MD5: 2F46799D79D22AC72C241EC0322B011D)
  • cleanup
{"C2 url": "147.45.44.216", "anti_vm": true, "anti_dbg": true, "port": 15666, "build_name": "423", "self_destruct": true, "extensions": "", "links": "", "grabber_max_size": 1048576}
Source | Rule | Description | Author | Strings
00000001.00000002.1850037500.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
00000001.00000003.1849372179.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
  • 0x11292c:$str01: emoji
  • 0x1154b8:$str02: %d-%m-%Y, %H:%M:%S
  • 0x115528:$str03: [UTC
  • 0x115530:$str04: user_name
  • 0x115578:$str05: computer_name
  • 0x115550:$str06: timezone
  • 0x115488:$str07: current_path()
  • 0x1128f0:$str08: [json.exception.
  • 0x12cf12:$str09: GDI32.dll
  • 0x12d184:$str10: GdipGetImageEncoders
  • 0x12d1fc:$str10: GdipGetImageEncoders
  • 0x12c7b0:$str11: GetGeoInfoA
Process Memory Space: soft 1.14.exe PID: 7544 | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security

Source | Rule | Description | Author | Strings
1.2.soft 1.14.exe.140000000.0.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
1.2.soft 1.14.exe.140000000.0.unpack | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
  • 0x11152c:$str01: emoji
  • 0x1140b8:$str02: %d-%m-%Y, %H:%M:%S
  • 0x114128:$str03: [UTC
  • 0x114130:$str04: user_name
  • 0x114178:$str05: computer_name
  • 0x114150:$str06: timezone
  • 0x114088:$str07: current_path()
  • 0x1114f0:$str08: [json.exception.
  • 0x12bb12:$str09: GDI32.dll
  • 0x12bd84:$str10: GdipGetImageEncoders
  • 0x12bdfc:$str10: GdipGetImageEncoders
  • 0x12b3b0:$str11: GetGeoInfoA
1.2.soft 1.14.exe.140000000.0.raw.unpack | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security
1.2.soft 1.14.exe.140000000.0.raw.unpack | infostealer_win_meduzastealer | Finds MeduzaStealer samples based on specific strings | Sekoia.io
  • 0x11292c:$str01: emoji
  • 0x1154b8:$str02: %d-%m-%Y, %H:%M:%S
  • 0x115528:$str03: [UTC
  • 0x115530:$str04: user_name
  • 0x115578:$str05: computer_name
  • 0x115550:$str06: timezone
  • 0x115488:$str07: current_path()
  • 0x1128f0:$str08: [json.exception.
  • 0x12cf12:$str09: GDI32.dll
  • 0x12d184:$str10: GdipGetImageEncoders
  • 0x12d1fc:$str10: GdipGetImageEncoders
  • 0x12c7b0:$str11: GetGeoInfoA

              System Summary

              Source: Process startedAuthor: Ilya Krestinichev: Data: Command: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\soft 1.14.exe", CommandLine: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\soft 1.14.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\soft 1.14.exe", ParentImage: C:\Users\user\Desktop\soft 1.14.exe, ParentProcessId: 7544, ParentProcessName: soft 1.14.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\soft 1.14.exe", ProcessId: 7784, ProcessName: cmd.exe
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-27T23:40:02.512809+0100 | 2046303 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 147.45.44.216 | 15666 | TCP
              2024-12-27T23:40:02.632795+0100 | 2046303 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 147.45.44.216 | 15666 | TCP
              2024-12-27T23:40:02.512809+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 147.45.44.216 | 15666 | TCP
              2024-12-27T23:40:02.632795+0100 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 147.45.44.216 | 15666 | TCP

              AV Detection

              Source: 1.2.soft 1.14.exe.140000000.0.unpackMalware Configuration Extractor: Meduza Stealer {"C2 url": "147.45.44.216", "anti_vm": true, "anti_dbg": true, "port": 15666, "build_name": "423", "self_destruct": true, "extensions": "", "links": "", "grabber_max_size": 1048576}
              Source: soft 1.14.exeReversingLabs: Detection: 47%
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 94.7% probability
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_0000000140076AA0 CryptUnprotectData,LocalFree,1_2_0000000140076AA0
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400D3090 CryptUnprotectData,1_2_00000001400D3090
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400772C0 BCryptCloseAlgorithmProvider,1_2_00000001400772C0
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_0000000140077340 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,Concurrency::cancel_current_task,1_2_0000000140077340
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400D3658 BCryptCloseAlgorithmProvider,1_2_00000001400D3658
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_0000000140033A30 BCryptDestroyKey,1_2_0000000140033A30
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_0000000140036C90 CryptUnprotectData,LocalFree,1_2_0000000140036C90
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_0000000140076DC0 CryptProtectData,LocalFree,1_2_0000000140076DC0
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_0000000140076F20 BCryptDecrypt,BCryptDecrypt,1_2_0000000140076F20
              Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49731 version: TLS 1.2
              Source: soft 1.14.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 0_2_00007FF60807CA90 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF60807CA90
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400B9DB8 FindClose,FindFirstFileExW,GetLastError,1_2_00000001400B9DB8
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400D3100 FindFirstFileW,1_2_00000001400D3100
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400B9E68 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,1_2_00000001400B9E68
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00007FF60807CAF1 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF60807CAF1

              Networking

              Source: Network trafficSuricata IDS: 2046303 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M1 : 192.168.2.4:49730 -> 147.45.44.216:15666
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000
              Source: global trafficTCP traffic: 192.168.2.4:49730 -> 147.45.44.216:15666
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
              Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
              Source: Joe Sandbox ViewASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU
              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: unknownDNS query: name: api.ipify.org
              Source: Network trafficSuricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.4:49730 -> 147.45.44.216:15666
              Source: unknownTCP traffic detected without corresponding DNS query: 147.45.44.216
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400840A0 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,Concurrency::cancel_current_task,1_2_00000001400840A0
              Source: global trafficDNS traffic detected: DNS query: api.ipify.org
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
              Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
              Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49731 version: TLS 1.2
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400849D0 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,1_2_00000001400849D0

              System Summary

              Source: 1.2.soft 1.14.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
              Source: 1.2.soft 1.14.exe.140000000.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
              Source: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds MeduzaStealer samples based on specific strings Author: Sekoia.io
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400D3718 NtQueryObject,1_2_00000001400D3718
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400888E0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,1_2_00000001400888E0
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_0000000140088FE0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,1_2_0000000140088FE0
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: String function: 000000014002E1D0 appears 33 times
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: String function: 0000000140096B14 appears 35 times
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: String function: 000000014002BA80 appears 32 times
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: String function: 00000001400475F0 appears 60 times
              Source: soft 1.14.exe, 00000001.00000003.1848741263.0000029833823000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs soft 1.14.exe
              Source: soft 1.14.exe, 00000001.00000003.1848741263.0000029833823000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs soft 1.14.exe
              Source: soft 1.14.exe, 00000001.00000003.1849283468.0000029833824000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs soft 1.14.exe
              Source: soft 1.14.exe, 00000001.00000003.1849283468.0000029833824000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs soft 1.14.exe
              Source: 1.2.soft 1.14.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
              Source: 1.2.soft 1.14.exe.140000000.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
              Source: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_meduzastealer author = Sekoia.io, description = Finds MeduzaStealer samples based on specific strings, creation_date = 2023-06-20, classification = TLP:CLEAR, version = 1.0, id = 1276f485-aa5d-491b-89d8-77f98dc496e1
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/1@1/2
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_000000014008A560 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,1_2_000000014008A560
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400D3008 AdjustTokenPrivileges,CredEnumerateA,1_2_00000001400D3008
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_000000014003D680 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,1_2_000000014003D680
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_0000000140073C40 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,SysAllocStringByteLen,SysFreeString,SysAllocStringByteLen,SysFreeString,SysStringByteLen,SysStringByteLen,SysFreeString,SysFreeString,1_2_0000000140073C40
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7792:120:WilError_03
              Source: C:\Users\user\Desktop\soft 1.14.exeMutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E6963C3CFE079
              Source: soft 1.14.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\soft 1.14.exe File read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Users\user\Desktop\soft 1.14.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: soft 1.14.exeReversingLabs: Detection: 47%
              Source: unknownProcess created: C:\Users\user\Desktop\soft 1.14.exe "C:\Users\user\Desktop\soft 1.14.exe"
              Source: C:\Users\user\Desktop\soft 1.14.exeProcess created: C:\Users\user\Desktop\soft 1.14.exe "C:\Users\user\Desktop\soft 1.14.exe"
              Source: C:\Users\user\Desktop\soft 1.14.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\soft 1.14.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000
              Source: C:\Users\user\Desktop\soft 1.14.exe Section loaded: apphelp.dll, kernel.appcore.dll, wininet.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, mswsock.dll, windows.storage.dll, wldp.dll, sspicli.dll, iertutil.dll, profapi.dll, ondemandconnroutehelper.dll, winhttp.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncryptsslp.dll, uxtheme.dll, windowscodecs.dll, vaultcli.dll, wintypes.dll, propsys.dll, edputil.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
              Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll, winnsi.dll, mswsock.dll
              Source: C:\Users\user\Desktop\soft 1.14.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
              Source: C:\Users\user\Desktop\soft 1.14.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
              Source: soft 1.14.exeStatic PE information: Image base 0x140000000 > 0x60000000
              Source: soft 1.14.exeStatic file information: File size 3276800 > 1048576
              Source: soft 1.14.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x309c00
              Source: soft 1.14.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: soft 1.14.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: soft 1.14.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: soft 1.14.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: soft 1.14.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: soft 1.14.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_000000014003C5E0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,1_2_000000014003C5E0
              Source: soft 1.14.exeStatic PE information: section name: .00cfg
              Source: soft 1.14.exeStatic PE information: section name: .gxfg
              Source: soft 1.14.exeStatic PE information: section name: .retplne
              Source: soft 1.14.exeStatic PE information: section name: _RDATA
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_000000014004CBE2 push rbp; retf 1_2_000000014004CBE5
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_000000014007B500 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,1_2_000000014007B500

              Hooking and other Techniques for Hiding and Protection

              Source: C:\Users\user\Desktop\soft 1.14.exeProcess created: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\soft 1.14.exe"
              Source: C:\Users\user\Desktop\soft 1.14.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000
              Source: C:\Users\user\Desktop\soft 1.14.exe Check user administrative privileges: GetTokenInformation, DecisionNodes graph_1-74111
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 0_2_00007FF60807CA90 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF60807CA90
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400B9DB8 FindClose,FindFirstFileExW,GetLastError,1_2_00000001400B9DB8
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400D3100 FindFirstFileW,1_2_00000001400D3100
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400B9E68 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,1_2_00000001400B9E68
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00007FF60807CAF1 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF60807CAF1
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400978F8 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,1_2_00000001400978F8
              Source: soft 1.14.exe, 00000001.00000002.1850037500.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp, soft 1.14.exe, 00000001.00000003.1699258652.0000029830D20000.00000004.00000020.00020000.00000000.sdmp, soft 1.14.exe, 00000001.00000002.1850037500.0000029830D1E000.00000004.00000020.00020000.00000000.sdmp, soft 1.14.exe, 00000001.00000003.1849372179.0000029830D1E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: C:\Users\user\Desktop\soft 1.14.exe API call chain: ExitProcess graph end node graph_1-74056
              Source: C:\Users\user\Desktop\soft 1.14.exe API call chain: ExitProcess graph end node graph_1-74051
              Source: C:\Users\user\Desktop\soft 1.14.exe Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400D3700 LdrEnumerateLoadedModules,1_2_00000001400D3700
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 0_2_00007FF608077760 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF608077760
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400BC0C4 GetLastError,IsDebuggerPresent,OutputDebugStringW,1_2_00000001400BC0C4
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_000000014003C5E0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,1_2_000000014003C5E0
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 0_2_00007FF608079E10 GetProcessHeap,0_2_00007FF608079E10
              Source: C:\Users\user\Desktop\soft 1.14.exe Process token adjusted: Debug
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 0_2_00007FF6080754D4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6080754D4
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 0_2_00007FF6080754C4 SetUnhandledExceptionFilter,0_2_00007FF6080754C4
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 0_2_00007FF60807C0E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF60807C0E8
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400D32D8 SetUnhandledExceptionFilter,1_2_00000001400D32D8
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_0000000140096828 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0000000140096828
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400ADB78 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00000001400ADB78
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00000001400ADD58 SetUnhandledExceptionFilter,1_2_00000001400ADD58
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00007FF60807C0E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF60807C0E8
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00007FF6080754D4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6080754D4
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00007FF6080754C4 SetUnhandledExceptionFilter,1_2_00007FF6080754C4
              Source: C:\Users\user\Desktop\soft 1.14.exeCode function: 1_2_00007FF608077760 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF608077760

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\Desktop\soft 1.14.exe Memory written: C:\Users\user\Desktop\soft 1.14.exe base: 140000000 value starts with: 4D5A
              Source: C:\Users\user\Desktop\soft 1.14.exe Thread register set: target process: 7544
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: 1_2_000000014007A320 ShellExecuteW,1_2_000000014007A320
              Source: C:\Users\user\Desktop\soft 1.14.exe Process created: C:\Users\user\Desktop\soft 1.14.exe "C:\Users\user\Desktop\soft 1.14.exe"
              Source: C:\Users\user\Desktop\soft 1.14.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\soft 1.14.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: 0_2_00007FF6080817D0 cpuid 0_2_00007FF6080817D0
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: EnumSystemLocalesW,1_2_000000014009C3A0
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: GetLocaleInfoW,1_2_00000001400D3398
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,1_2_00000001400A74C4
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: EnumSystemLocalesW,1_2_00000001400A7820
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: GetLocaleInfoW,1_2_000000014009C8E0
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: EnumSystemLocalesW,1_2_00000001400A78F0
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,1_2_00000001400A7988
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: GetLocaleInfoEx,FormatMessageA,1_2_00000001400B9A28
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: GetLocaleInfoW,1_2_00000001400A7BD0
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_00000001400A7D28
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: GetLocaleInfoW,1_2_00000001400A7DD8
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_00000001400A7F0C
              Source: C:\Users\user\Desktop\soft 1.14.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\soft 1.14.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\soft 1.14.exe Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: 0_2_00007FF608075304 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF608075304
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: 1_2_0000000140084FB0 GetUserNameW,1_2_0000000140084FB0
              Source: C:\Users\user\Desktop\soft 1.14.exe Code function: 1_2_0000000140086250 GetTimeZoneInformation,1_2_0000000140086250

              Stealing of Sensitive Information

              Source: Yara match File source: 1.2.soft 1.14.exe.140000000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 1.2.soft 1.14.exe.140000000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000001.00000002.1850037500.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.1849372179.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: soft 1.14.exe PID: 7544, type: MEMORYSTR
              Source: soft 1.14.exe, 00000001.00000002.1850037500.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Electrum-LTC\wallets
              Source: soft 1.14.exe, 00000001.00000002.1850037500.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ElectronCash\wallets
              Source: soft 1.14.exe, 00000001.00000002.1850037500.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
              Source: soft 1.14.exe, 00000001.00000003.1712211281.0000029830D5B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet18n
              Source: soft 1.14.exe, 00000001.00000003.1712211281.0000029830D5B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystoreata
              Source: soft 1.14.exe, 00000001.00000002.1850037500.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Exodus\exodus.wallet
              Source: soft 1.14.exe, 00000001.00000003.1712211281.0000029830D5B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Binance\simple-storage.jsonbldb5*
              Source: soft 1.14.exe, 00000001.00000002.1850037500.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Ethereum\keystore
              Source: soft 1.14.exe, 00000001.00000003.1712211281.0000029830D5B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Neon
              Source: soft 1.14.exe, 00000001.00000002.1850037500.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Ethereum\keystore
              Source: C:\Users\user\Desktop\soft 1.14.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
              Source: C:\Users\user\Desktop\soft 1.14.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Users\user\Desktop\soft 1.14.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
              Source: Yara match File source: Process Memory Space: soft 1.14.exe PID: 7544, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match File source: 1.2.soft 1.14.exe.140000000.0.unpack, type: UNPACKEDPE
              Source: Yara match File source: 1.2.soft 1.14.exe.140000000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 00000001.00000002.1850037500.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.1849372179.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: soft 1.14.exe PID: 7544, type: MEMORYSTR

              Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
              Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
              Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
              Execution: 2 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
              Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
              Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 1 Access Token Manipulation; 211 Process Injection; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
              Defense Evasion: 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 File Deletion; 1 Access Token Manipulation; 211 Process Injection; Compile After Delivery; Indicator Removal from Tools; HTML Smuggling
              Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
              Discovery: 12 System Time Discovery; 1 Account Discovery; 2 File and Directory Discovery; 34 System Information Discovery; 31 Security Software Discovery; 2 Process Discovery; 1 System Owner/User Discovery; 1 Remote System Discovery; 11 System Network Configuration Discovery
              Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
              Collection: 1 Archive Collected Data; 2 Data from Local System; 1 Screen Capture; 1 Email Collection; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
              Command and Control: 2 Ingress Tool Transfer; 21 Encrypted Channel; 1 Non-Standard Port; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
              Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
              Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement

              Source | Detection | Scanner | Label | Link
              soft 1.14.exe | 47% | ReversingLabs | Win64.Trojan.Generic |
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches

              Source | Detection | Scanner | Label | Link
              http://ns.microsoft.t/Regi; | 0% | Avira URL Cloud | safe |
              http://ns.microsoft.t/Regi | 0% | Avira URL Cloud | safe |

              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              api.ipify.org | 104.26.13.205 | true | false | | high

              Name | Malicious | Antivirus Detection | Reputation
              https://api.ipify.org/ | false | | high

              IP | Domain | Country | Flag | ASN | ASN Name | Malicious
              104.26.13.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false
              147.45.44.216 | unknown | Russian Federation | | 2895 | FREE-NET-ASFREEnetEU | true

                                                                Joe Sandbox version:41.0.0 Charoite
                                                                Analysis ID:1581513
                                                                Start date and time:2024-12-27 23:39:05 +01:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 4m 10s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Number of analysed new started processes analysed:8
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Sample name:soft 1.14.exe
                                                                Detection:MAL
                                                                Classification:mal100.troj.spyw.evad.winEXE@8/1@1/2
                                                                EGA Information:
                                                                • Successful, ratio: 100%
                                                                HCA Information:
                                                                • Successful, ratio: 99%
                                                                • Number of executed functions: 86
                                                                • Number of non-executed functions: 133
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe
                                                                • Stop behavior analysis, all processes terminated
                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63, 4.245.163.56
                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                • Not all processes where analyzed, report is missing behavior information
                                                                • Report size exceeded maximum capacity and may have missing network information.
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                • VT rate limit hit for: soft 1.14.exe
                                                                No simulations
                                                                No context
                                                                Process:C:\Windows\System32\PING.EXE
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):283
                                                                Entropy (8bit):4.84674468132717
                                                                Encrypted:false
                                                                SSDEEP:6:PzXULmWxHLTpUrU4wUsW3CNcwAFeMmvVOIHJFxMVlmJHaVFrIW1IrIW83Wy:P+pTpcU4nsTDAFSkIrxMVlmJHaVtr1eq
                                                                MD5:38A6ED2824540859D2923148B0B1E0E1
                                                                SHA1:3F99ADE9E9E545F56766083B437D956C4557D3A2
                                                                SHA-256:CCB4CA9180D0A3BA685602EC69270BAD1C98D87C8D6D949AC4BE95FF719DA7B7
                                                                SHA-512:C8B8BB9366862459513610A3E4EABA0DF37E1390ED47AAF92BBCB1375C92AFCA0E8A16423F953B53B25F4A533AFE569E0ACA77D2F57777D3BCAC44D15C70A7E7
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:..Pinging 1.1.1.1 with 32 bytes of data:..Reply from 1.1.1.1: bytes=32 time=136ms TTL=55....Ping statistics for 1.1.1.1:.. Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 136ms, Maximum = 136ms, Average = 136ms..
                                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                Entropy (8bit):4.438053665347634
                                                                TrID:
                                                                • Win64 Executable GUI (202006/5) 92.65%
                                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                                • DOS Executable Generic (2002/1) 0.92%
                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                File name:soft 1.14.exe
                                                                File size:3'276'800 bytes
                                                                MD5:9d28b3f2746f719fe82a21428f9265ae
                                                                SHA1:3acd169f55124db5b2d46a95ffdd48d5a57e3c11
                                                                SHA256:2b1545089a5a1be6fe2ce0fa399d982b4b7995a750a1ea0528695c7eed5f24d4
                                                                SHA512:38c856ab59f7471c9b582c520a6d8b8cc47841c042802797055f8794439ece9c671c0c4922cfcb180af6fe7b4fc9bded48c936b910bc6482acf07ae9434ffb83
                                                                SSDEEP:24576:qiiuUWnfyNSRhmCW5YeLuB7LAFFG3tXEZ83yCfv4vj3gvsceB9rGUoI65zkbu8w8:U+fce/frCAsLrZ+zH8S
                                                                TLSH:4BE523017EA066F4C2394234ED674B1A7FA77E650304DBEB03A0524A1F627D59E3EB39
                                                                File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....lg.........."...........0......P.........@.............................p2...........`........................................
                                                                Icon Hash:90cececece8e8eb0
                                                                Entrypoint:0x1400050b0
                                                                Entrypoint Section:.text
                                                                Digitally signed:false
                                                                Imagebase:0x140000000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                Time Stamp:0x676C189D [Wed Dec 25 14:37:17 2024 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:6
                                                                OS Version Minor:0
                                                                File Version Major:6
                                                                File Version Minor:0
                                                                Subsystem Version Major:6
                                                                Subsystem Version Minor:0
                                                                Import Hash:25224432afaf13c692f24efcb620c38b
                                                                Name | Virtual Address | Virtual Size | Is in Section
                                                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x31ad90 | 0x28 | .rdata
                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x325000 | 0x1a8 | .rsrc
                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x31f000 | 0x15a8 | .pdata
                                                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x326000 | 0x680 | .reloc
                                                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x13040 | 0x140 | .rdata
                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_IAT | 0x31b038 | 0x280 | .rdata
                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                .text | 0x1000 | 0x11c80 | 0x11e00 | 0d92c650fbbfcda227074d695da6f26f | False | 0.5210063374125874 | data | 6.374503128582078 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                .rdata | 0x13000 | 0x309b1c | 0x309c00 | 7d17df367edea335777be20f593d4c81 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .data | 0x31d000 | 0x1e70 | 0xc00 | b04cb412c442d91003948daef4dbac9b | False | 0.15234375 | DOS executable (block device driver) | 2.184963466978745 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                .pdata | 0x31f000 | 0x15a8 | 0x1600 | 56e480cd444c6dbe71d072aaf68fc92d | False | 0.46732954545454547 | data | 4.964764994621124 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .00cfg | 0x321000 | 0x38 | 0x200 | 5d344f072ffe90545ae42e007d19a6b2 | False | 0.072265625 | data | 0.4473268792999391 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .gxfg | 0x322000 | 0xf60 | 0x1000 | 935a6a7d4fef213de176a26de65d5b15 | False | 0.418212890625 | PGP symmetric key encrypted data - Plaintext or unencrypted data | 4.923789045505213 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .retplne | 0x323000 | 0x8c | 0x200 | 8c950f651287cbc1296bcb4e8cd7e990 | False | 0.126953125 | data | 1.050583247971927 |
                                                                _RDATA | 0x324000 | 0x1f4 | 0x200 | e263646b1cb66aae2718bfe9d251bd12 | False | 0.5234375 | data | 3.7577827584492653 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .rsrc | 0x325000 | 0x1a8 | 0x200 | fc0936b2f8c7ff2ad90016c364cae0a2 | False | 0.482421875 | data | 4.178189311747683 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .reloc | 0x326000 | 0x680 | 0x800 | 210679776348707cee9b93231a7eb5cc | False | 0.51171875 | data | 4.9546245438601 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                RT_MANIFEST | 0x325060 | 0x143 | XML 1.0 document, ASCII text | English | United States | 0.628482972136223
                                                                DLL | Import
                                                                KERNEL32.dll | CloseHandle, CreateFileW, CreateProcessA, DeleteCriticalSection, EncodePointer, EnterCriticalSection, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileType, GetLastError, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetThreadContext, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadProcessMemory, ResumeThread, RtlCaptureContext, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwindEx, RtlVirtualUnwind, SetFilePointerEx, SetLastError, SetStdHandle, SetThreadContext, SetUnhandledExceptionFilter, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, VirtualAllocEx, WideCharToMultiByte, WriteConsoleW, WriteFile, WriteProcessMemory
                                                                Language of compilation system | Country where language is spoken | Map
                                                                English | United States |
                                                                Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                2024-12-27T23:40:02.512809+0100 | 2046303 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M1 | 1 | 192.168.2.4 | 49730 | 147.45.44.216 | 15666 | TCP
                                                                2024-12-27T23:40:02.512809+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.4 | 49730 | 147.45.44.216 | 15666 | TCP
                                                                2024-12-27T23:40:02.632795+0100 | 2046303 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M1 | 1 | 192.168.2.4 | 49730 | 147.45.44.216 | 15666 | TCP
                                                                2024-12-27T23:40:02.632795+0100 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.4 | 49730 | 147.45.44.216 | 15666 | TCP
                                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                Dec 27, 2024 23:40:02.632690907 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.632699966 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.632713079 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.632721901 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.632730007 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.632740021 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.632795095 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.632847071 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.632867098 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.632875919 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.632884979 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.632930040 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.632942915 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.752331972 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.752438068 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.752448082 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.752475023 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.752484083 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.752520084 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.752537966 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.752571106 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.752584934 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.752603054 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.752649069 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.752657890 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.752780914 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.752825975 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.752861977 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.752880096 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.752881050 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.752949953 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.752985954 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.753040075 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.753046989 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.753089905 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.872237921 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.872250080 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.872291088 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.872342110 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.872369051 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.872488976 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.872497082 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.872581005 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.872678995 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.872760057 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.872823954 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873065948 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873075008 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873080969 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873131990 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873138905 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.873140097 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873197079 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.873218060 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873226881 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873267889 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873272896 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.873290062 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873311996 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.873339891 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.873378992 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873389006 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873430967 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873435974 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.873440027 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873466969 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873486042 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.873506069 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.873519897 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873569012 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.873581886 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873713970 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.873763084 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992028952 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992039919 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992106915 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992115974 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992135048 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992165089 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992185116 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992191076 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992219925 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992249966 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992253065 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992260933 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992311954 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992337942 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992347002 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992367029 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992376089 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992393017 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992410898 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992429972 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992435932 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992444038 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992492914 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992568016 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992577076 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992607117 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992615938 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992633104 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992646933 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992655039 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992664099 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992703915 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992711067 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992712975 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992762089 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992830038 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992846012 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992887974 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.992922068 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992929935 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992934942 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992985964 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.992991924 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.993037939 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.993077993 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993086100 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993141890 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.993161917 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993170023 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993189096 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993196964 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993223906 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.993240118 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.993328094 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993340969 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993385077 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993390083 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.993392944 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993448973 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.993495941 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993510962 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993554115 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.993560076 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993613005 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993616104 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.993681908 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993686914 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.993690968 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993736029 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.993767977 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993776083 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993818045 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.993819952 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993829966 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993874073 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.993920088 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993928909 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993935108 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993972063 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993978977 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.993992090 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.994019032 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.994050980 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994102001 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.994118929 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994127035 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994134903 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994193077 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.994208097 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994216919 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994261026 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.994273901 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994283915 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994326115 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.994348049 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994358063 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994404078 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.994446039 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994503021 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.994519949 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994569063 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994585037 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.994615078 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:02.994618893 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:02.994663000 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.111498117 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.111510038 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.111577034 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.111702919 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.111711025 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.111763000 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.111901999 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.111910105 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.111946106 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.111959934 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.111967087 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.111989021 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.112003088 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.112029076 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.112072945 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.112076044 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.112123013 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.112224102 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.112268925 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.112287045 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.112324953 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.112353086 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.112360954 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.112406969 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.112443924 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.112451077 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.112489939 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.112603903 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.112617970 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.112624884 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.112646103 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.238270044 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238289118 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238296986 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238317966 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.238334894 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.238416910 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238466978 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238466978 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.238476038 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238486052 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238516092 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.238535881 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.238591909 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238605022 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238660097 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238661051 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.238672018 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238723040 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.238754988 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238765001 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238817930 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.238831043 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238886118 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.238887072 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238940001 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.238970041 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.238979101 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239037037 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239068985 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239078999 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239126921 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239154100 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239206076 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239231110 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239248037 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239259005 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239283085 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239300966 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239358902 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239368916 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239420891 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239448071 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239497900 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239510059 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239548922 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239561081 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239588022 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239590883 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239634991 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239643097 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239653111 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239707947 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239741087 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239749908 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239792109 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239799976 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239800930 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239846945 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239892006 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239901066 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.239948034 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.239976883 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240022898 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.240025997 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240036011 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240086079 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.240094900 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240154982 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.240161896 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240187883 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240212917 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.240228891 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.240250111 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240258932 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240304947 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.240346909 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240355968 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240403891 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.240423918 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240433931 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240478039 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.240534067 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240542889 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240588903 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240593910 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.240639925 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.240701914 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240736961 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240747929 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240751982 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.240781069 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240791082 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240798950 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.240838051 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.240895033 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240905046 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.240959883 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.241039991 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241086006 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.241115093 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241169930 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241175890 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.241180897 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241230011 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.241266012 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241275072 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241322041 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.241322994 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241332054 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241384983 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.241410017 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241420031 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241478920 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.241559029 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241569042 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241571903 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241605997 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241637945 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.241657972 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.241708040 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241718054 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241776943 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.241836071 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241846085 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241893053 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.241969109 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.241976976 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242023945 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242033958 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242034912 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.242084026 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.242165089 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242175102 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242182016 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242228985 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.242228985 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242275000 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.242297888 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242307901 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242355108 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.242455006 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242465973 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242472887 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242482901 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242515087 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.242535114 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.242575884 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242585897 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242594004 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242602110 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242641926 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.242749929 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242759943 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242767096 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242775917 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242789984 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242824078 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.242841959 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242852926 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242861032 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242904902 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.242980003 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.242990971 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243036032 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.243074894 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243086100 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243133068 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.243160009 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243170023 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243220091 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.243267059 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243287086 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243338108 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.243346930 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243355989 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243400097 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.243561029 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243570089 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243613958 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.243647099 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243655920 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243700981 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243705988 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.243710995 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243761063 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.243792057 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243822098 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243845940 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.243860960 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.243928909 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243937969 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243978977 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243988037 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.243995905 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.244028091 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.244038105 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.244043112 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.244074106 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.244087934 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.244115114 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.244122982 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.244168997 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.244173050 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.244182110 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.244231939 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.244256973 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.244265079 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.244307995 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.244318962 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.359744072 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.359760046 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.359770060 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.359781981 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.359806061 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.359807014 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.359844923 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.359863043 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.359872103 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.359910011 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.359952927 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.359961987 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.359998941 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360004902 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360014915 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360050917 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360096931 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360105991 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360141993 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360183001 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360193968 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360220909 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360239029 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360241890 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360251904 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360285997 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360321045 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360330105 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360338926 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360364914 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360377073 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360433102 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360441923 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360450983 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360460043 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360471010 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360479116 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360496998 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360512972 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360537052 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360546112 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360554934 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360563993 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360580921 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360598087 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360610008 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360619068 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360646963 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360661030 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360707045 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360716105 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360754967 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360763073 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360809088 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360816002 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360826015 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360836029 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360853910 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360873938 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360874891 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360884905 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360913992 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360928059 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360933065 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.360970974 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.360990047 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361000061 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361043930 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361054897 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361064911 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361093998 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361112118 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361114025 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361131907 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361150026 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361164093 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361180067 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361218929 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361224890 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361258030 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361260891 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361298084 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361316919 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361327887 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361354113 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361358881 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361366987 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361367941 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361388922 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361402988 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361460924 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361470938 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361489058 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361498117 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361498117 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361507893 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361529112 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361648083 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361658096 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361665964 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361674070 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361697912 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361713886 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361814022 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361823082 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361833096 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361843109 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361851931 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361860991 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361861944 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361871004 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361875057 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361895084 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361905098 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361906052 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361915112 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361922026 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361947060 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361948013 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361957073 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.361959934 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.361990929 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362061024 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362070084 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362077951 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362088919 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362111092 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362140894 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362166882 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362175941 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362209082 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362237930 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362246990 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362273932 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362282038 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362282991 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362329006 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362411022 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362420082 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362428904 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362437963 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362454891 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362468004 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362487078 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362487078 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362497091 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362531900 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362565994 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362603903 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362664938 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362673998 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362682104 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362714052 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362715006 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362724066 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362761974 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362783909 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362792969 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362828016 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362901926 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362910986 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362943888 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362946033 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.362953901 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.362992048 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363050938 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363059998 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363094091 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363101959 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363111019 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363146067 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363244057 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363257885 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363266945 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363281012 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363291979 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363306999 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363363028 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363372087 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363380909 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363404036 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363420010 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363434076 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363444090 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363456011 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363481045 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363491058 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363493919 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363513947 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363533020 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363548040 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363554955 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363564014 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363595009 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363603115 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363615036 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363651037 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363673925 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363682985 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363708019 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363723993 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363754034 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363763094 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363794088 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363830090 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363838911 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.363864899 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363878012 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.363914013 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368510962 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.368534088 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.368558884 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.368597031 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368606091 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368613958 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368622065 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368630886 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368634939 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.368655920 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.368680954 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.368777990 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368787050 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368794918 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368803024 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368812084 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368815899 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.368820906 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368827105 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.368829012 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368838072 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368845940 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.368849993 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368858099 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368865967 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368875027 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368884087 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.368905067 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.368913889 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.368954897 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368963957 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368971109 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368979931 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.368989944 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.369012117 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.369126081 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.369134903 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.369142056 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.369152069 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.369159937 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.369164944 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.369178057 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.369187117 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.369199038 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.369379044 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.369386911 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.369395018 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.369427919 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.404814005 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.404828072 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.404839039 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.404855013 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.404898882 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.404907942 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.404912949 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.404936075 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.404946089 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.404978037 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.405006886 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.405070066 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405081034 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405087948 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405128002 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.405137062 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405144930 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405189037 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.405234098 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405245066 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405287027 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.405297041 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405308008 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405348063 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.405455112 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405462980 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405469894 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405477047 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405510902 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.405565023 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405572891 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405613899 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.405647993 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405658960 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405704021 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.405776978 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405786037 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405805111 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405853987 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.405869961 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405914068 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.405920982 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405930042 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.405975103 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.406002998 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406012058 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406056881 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.406088114 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406096935 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406138897 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.406164885 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406198025 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406213045 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.406243086 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.406266928 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406275988 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406327009 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.406408072 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406440973 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406452894 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.406455040 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406464100 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406476974 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.406512022 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.406563044 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406572104 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.406616926 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.471801996 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.471810102 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.471851110 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.471858025 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.471877098 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.471903086 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.471909046 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.471919060 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.471952915 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.471966028 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.471991062 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.471998930 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472044945 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.472050905 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472068071 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472100973 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.472292900 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472333908 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.472461939 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472475052 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472516060 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.472527027 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472534895 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472554922 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472580910 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.472598076 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.472621918 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472630978 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472639084 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472672939 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.472688913 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472697973 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472738981 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472739935 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.472773075 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472783089 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.472791910 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472800970 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472826958 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.472846031 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.472867012 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472876072 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472915888 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.472939968 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472949028 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472982883 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472990990 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.472992897 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.473016024 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473040104 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.473079920 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.473419905 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473464012 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.473500013 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473509073 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473515987 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473558903 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.473561049 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473570108 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473611116 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.473622084 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473644018 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473679066 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.473742008 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473768950 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473783970 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.473808050 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.473822117 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473829985 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473874092 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.473875046 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473884106 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473920107 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473925114 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.473927975 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.473977089 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.474004984 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.474013090 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.474051952 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.474163055 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.474172115 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.474215031 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.474256039 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.474263906 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.474270105 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.474277973 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.474309921 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.474328995 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.474370956 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.474419117 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.501424074 CET1566649730147.45.44.216192.168.2.4
                                                                Dec 27, 2024 23:40:03.501631975 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.502474070 CET4973015666192.168.2.4147.45.44.216
                                                                Dec 27, 2024 23:40:03.502542973 CET4973015666192.168.2.4147.45.44.216
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 27, 2024 23:39:57.549932003 CET | 192.168.2.4 | 1.1.1.1 | 0xade3 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 27, 2024 23:39:57.687634945 CET | 1.1.1.1 | 192.168.2.4 | 0xade3 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 23:39:57.687634945 CET | 1.1.1.1 | 192.168.2.4 | 0xade3 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Dec 27, 2024 23:39:57.687634945 CET | 1.1.1.1 | 192.168.2.4 | 0xade3 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 104.26.13.205 | 443 | 7544 | C:\Users\user\Desktop\soft 1.14.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-27 22:39:59 UTC | 100 | OUT | GET / HTTP/1.1
Accept: text/html; text/plain; */*
Host: api.ipify.org
Cache-Control: no-cache
2024-12-27 22:39:59 UTC | 424 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Dec 2024 22:39:59 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8f8ccf4c8db49e02-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=2009&min_rtt=2006&rtt_var=759&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=738&delivery_rate=1436301&cwnd=244&unsent_bytes=0&cid=b316d018d6a7268a&ts=618&x=0"
2024-12-27 22:39:59 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
Data Ascii: 8.46.123.189


                                                                Target ID:0
                                                                Start time:17:39:55
                                                                Start date:27/12/2024
                                                                Path:C:\Users\user\Desktop\soft 1.14.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Users\user\Desktop\soft 1.14.exe"
                                                                Imagebase:0x7ff608070000
                                                                File size:3'276'800 bytes
                                                                MD5 hash:9D28B3F2746F719FE82A21428F9265AE
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:low
                                                                Has exited:true

                                                                Target ID:1
                                                                Start time:17:39:56
                                                                Start date:27/12/2024
                                                                Path:C:\Users\user\Desktop\soft 1.14.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Users\user\Desktop\soft 1.14.exe"
                                                                Imagebase:0x7ff608070000
                                                                File size:3'276'800 bytes
                                                                MD5 hash:9D28B3F2746F719FE82A21428F9265AE
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Yara matches:
                                                                • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000001.00000002.1850037500.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000001.00000003.1849372179.0000029830CA4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: infostealer_win_meduzastealer, Description: Finds MeduzaStealer samples based on specific strings, Source: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Author: Sekoia.io
                                                                Reputation:low
                                                                Has exited:true

                                                                Target ID:3
                                                                Start time:17:40:13
                                                                Start date:27/12/2024
                                                                Path:C:\Windows\System32\cmd.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\soft 1.14.exe"
                                                                Imagebase:0x7ff7663d0000
                                                                File size:289'792 bytes
                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:4
                                                                Start time:17:40:13
                                                                Start date:27/12/2024
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff7699e0000
                                                                File size:862'208 bytes
                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:5
                                                                Start time:17:40:13
                                                                Start date:27/12/2024
                                                                Path:C:\Windows\System32\PING.EXE
                                                                Wow64 process (32bit):false
                                                                Commandline:ping 1.1.1.1 -n 1 -w 3000
                                                                Imagebase:0x7ff646420000
                                                                File size:22'528 bytes
                                                                MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                  Execution Graph

                                                                  Execution Coverage:18.6%
                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                  Signature Coverage:3.7%
                                                                  Total number of Nodes:1344
                                                                  Total number of Limit Nodes:24
__free_lconv_mon 11 API calls 6446->6452 6451 7ff60807ce3e 6447->6451 6454 7ff60807b380 __free_lconv_mon 11 API calls 6447->6454 6448 7ff60807cbc6 FindFirstFileExW 6448->6464 6449->6441 6449->6449 6458 7ff60807ce72 6449->6458 6475 7ff60807c308 6449->6475 6450->6444 6455 7ff60807b380 __free_lconv_mon 11 API calls 6451->6455 6452->6434 6453->6443 6454->6447 6455->6434 6456 7ff60807ccf8 6456->6446 6460 7ff60807b380 __free_lconv_mon 11 API calls 6456->6460 6461 7ff608077718 _invalid_parameter_noinfo_noreturn 17 API calls 6458->6461 6459 7ff60807cc6f FindNextFileW 6459->6464 6460->6456 6462 7ff60807ce84 6461->6462 6463 7ff60807ccef FindClose 6463->6456 6464->6432 6464->6439 6464->6443 6464->6448 6464->6456 6464->6459 6464->6463 6465 7ff60807ccb1 FindClose 6464->6465 6467 7ff60807ef20 6464->6467 6465->6464 6468 7ff60807ef4d 6467->6468 6469 7ff60807c11c _set_fmode 11 API calls 6468->6469 6474 7ff60807ef62 6468->6474 6470 7ff60807ef57 6469->6470 6471 7ff6080776c8 _invalid_parameter_noinfo 59 API calls 6470->6471 6471->6474 6472 7ff608079800 _log10_special 8 API calls 6473 7ff60807f320 6472->6473 6473->6465 6474->6472 6480 7ff60807c325 6475->6480 6476 7ff60807c32a 6477 7ff60807c340 6476->6477 6478 7ff60807c11c _set_fmode 11 API calls 6476->6478 6477->6449 6479 7ff60807c334 6478->6479 6481 7ff6080776c8 _invalid_parameter_noinfo 59 API calls 6479->6481 6480->6476 6480->6477 6482 7ff60807c376 6480->6482 6481->6477 6482->6477 6483 7ff60807c11c _set_fmode 11 API calls 6482->6483 6483->6479 6485 7ff608081df0 6484->6485 6485->5999 6485->6485 6503 7ff608071c10 6486->6503 6488 7ff608074852 6510 7ff6080710d0 6488->6510 6492 7ff6080747fa 6492->6488 6507 7ff608074940 6492->6507 6496 7ff60807487c 6559 7ff608074340 GetModuleFileNameA 6496->6559 6499 7ff6080716d0 59 API calls 6500 7ff60807489b 6499->6500 6501 7ff6080716d0 59 API calls 6500->6501 6502 7ff6080710b3 6501->6502 6502->6003 6504 7ff608071c2b 6503->6504 6574 7ff608072c40 6504->6574 6578 7ff608074970 6507->6578 6511 7ff608071410 
79 API calls 6510->6511 6512 7ff608071113 6511->6512 6692 7ff608071590 6512->6692 6517 7ff608071410 79 API calls 6518 7ff608071184 6517->6518 6519 7ff6080716d0 59 API calls 6518->6519 6520 7ff608071192 6519->6520 6521 7ff608071650 79 API calls 6520->6521 6522 7ff6080711a5 6521->6522 6523 7ff608071410 79 API calls 6522->6523 6524 7ff6080711ba 6523->6524 6525 7ff6080716d0 59 API calls 6524->6525 6526 7ff6080711c8 6525->6526 6702 7ff608071700 6526->6702 6528 7ff6080711db 6708 7ff608071870 6528->6708 6530 7ff60807122f 6712 7ff608071910 6530->6712 6532 7ff60807127c 6721 7ff6080719e0 6532->6721 6535 7ff6080716d0 59 API calls 6535->6532 6537 7ff6080716d0 59 API calls 6538 7ff608071294 6537->6538 6539 7ff6080716d0 59 API calls 6538->6539 6540 7ff60807129d 6539->6540 6541 7ff6080719e0 59 API calls 6540->6541 6542 7ff6080712a9 6541->6542 6543 7ff6080716d0 59 API calls 6542->6543 6544 7ff6080712b2 6543->6544 6545 7ff608071410 6544->6545 6546 7ff608071c10 8 API calls 6545->6546 6547 7ff60807143b 6546->6547 6548 7ff608071c60 79 API calls 6547->6548 6549 7ff60807145b 6548->6549 6826 7ff608073ff0 6549->6826 6552 7ff608071c60 79 API calls 6553 7ff60807149f 6552->6553 6554 7ff6080714b4 6553->6554 6555 7ff6080716d0 59 API calls 6553->6555 6556 7ff6080716d0 6554->6556 6555->6554 6830 7ff608073c40 6556->6830 6558 7ff6080716e7 6558->6496 6562 7ff6080743b0 __scrt_get_show_window_mode 6559->6562 6564 7ff608074455 6559->6564 6560 7ff608079800 _log10_special 8 API calls 6561 7ff608074623 6560->6561 6561->6499 6836 7ff608074630 CreateProcessA 6562->6836 6564->6560 6565 7ff608074451 6565->6564 6837 7ff6080746f0 ReadProcessMemory 6565->6837 6567 7ff6080744a7 VirtualAllocEx 6838 7ff608074760 WriteProcessMemory 6567->6838 6569 7ff608074501 6570 7ff60807458f 6569->6570 6839 7ff608074760 WriteProcessMemory 6569->6839 6840 7ff608074760 WriteProcessMemory 6570->6840 6573 7ff6080745c1 SetThreadContext ResumeThread 6573->6564 6575 7ff608072c6c 6574->6575 6576 7ff608079800 _log10_special 8 API calls 
6575->6576 6577 7ff608071c33 6576->6577 6577->6492 6579 7ff6080749f2 6578->6579 6582 7ff6080749a5 6578->6582 6584 7ff608074a20 6579->6584 6581 7ff608079800 _log10_special 8 API calls 6583 7ff60807495b 6581->6583 6582->6581 6583->6492 6602 7ff608072360 6584->6602 6587 7ff608074a83 6606 7ff608072420 6587->6606 6590 7ff608074aad 6611 7ff608072460 6590->6611 6592 7ff608074ad4 6593 7ff608074b78 6592->6593 6594 7ff608074b1f 6592->6594 6595 7ff608074bc0 8 API calls 6593->6595 6614 7ff608074bc0 6594->6614 6601 7ff608074b66 6595->6601 6598 7ff608079800 _log10_special 8 API calls 6600 7ff608074bb3 6598->6600 6600->6582 6601->6598 6603 7ff608072383 6602->6603 6604 7ff608079800 _log10_special 8 API calls 6603->6604 6605 7ff6080723f5 6604->6605 6605->6587 6621 7ff608072400 6605->6621 6607 7ff608072360 8 API calls 6606->6607 6608 7ff60807243c 6607->6608 6624 7ff608072ac0 6608->6624 6628 7ff608072610 6611->6628 6615 7ff608074bfb 6614->6615 6616 7ff608079800 _log10_special 8 API calls 6615->6616 6617 7ff608074b52 6616->6617 6618 7ff608072560 6617->6618 6653 7ff608071b20 6618->6653 6669 7ff608074cdc 6621->6669 6625 7ff608072afd 6624->6625 6626 7ff608079800 _log10_special 8 API calls 6625->6626 6627 7ff60807244d 6626->6627 6627->6590 6631 7ff608072640 6628->6631 6632 7ff608072658 6631->6632 6635 7ff608072690 6632->6635 6636 7ff6080726ac 6635->6636 6641 7ff608072495 6635->6641 6637 7ff6080726c8 6636->6637 6638 7ff6080726b7 6636->6638 6650 7ff608072770 6637->6650 6642 7ff6080726f0 6638->6642 6641->6592 6643 7ff608072718 6642->6643 6644 7ff608072713 6642->6644 6646 7ff608072770 79 API calls 6643->6646 6645 7ff608072790 RtlPcToFileHeader RaiseException 6644->6645 6645->6643 6648 7ff608072722 6646->6648 6647 7ff60807272f 6647->6641 6648->6647 6649 7ff6080776e8 _invalid_parameter_noinfo_noreturn 59 API calls 6648->6649 6649->6647 6651 7ff608074c44 79 API calls 6650->6651 6652 7ff608072783 6651->6652 6652->6641 6656 7ff608071b50 6653->6656 6655 7ff608071b46 6655->6601 6657 7ff608071b78 
6656->6657 6658 7ff608071b69 6656->6658 6657->6655 6660 7ff608071b90 6658->6660 6661 7ff608071beb 6660->6661 6662 7ff608071bf3 6661->6662 6664 7ff6080776e8 6661->6664 6662->6657 6665 7ff608077ab0 _invalid_parameter_noinfo 59 API calls 6664->6665 6666 7ff608077701 6665->6666 6667 7ff608077718 _invalid_parameter_noinfo_noreturn 17 API calls 6666->6667 6668 7ff608077716 6667->6668 6676 7ff608074d80 6669->6676 6672 7ff6080759e0 Concurrency::cancel_current_task 2 API calls 6673 7ff608074cfe 6672->6673 6679 7ff6080763c4 6673->6679 6675 7ff608072410 6677 7ff6080763c4 __std_exception_copy 59 API calls 6676->6677 6678 7ff608074ced 6677->6678 6678->6672 6680 7ff6080763e5 6679->6680 6681 7ff60807641a __std_exception_copy 6679->6681 6680->6681 6683 7ff608079820 6680->6683 6681->6675 6684 7ff60807982d 6683->6684 6685 7ff608079837 6683->6685 6684->6685 6690 7ff608079852 6684->6690 6686 7ff60807c11c _set_fmode 11 API calls 6685->6686 6687 7ff60807983e 6686->6687 6689 7ff6080776c8 _invalid_parameter_noinfo 59 API calls 6687->6689 6688 7ff60807984a 6688->6681 6689->6688 6690->6688 6691 7ff60807c11c _set_fmode 11 API calls 6690->6691 6691->6687 6693 7ff6080715ce 6692->6693 6724 7ff6080737c0 6693->6724 6695 7ff608071635 6696 7ff608079800 _log10_special 8 API calls 6695->6696 6697 7ff60807115d 6696->6697 6698 7ff608071650 6697->6698 6699 7ff60807167a 6698->6699 6770 7ff608073d60 6699->6770 6703 7ff60807172d 6702->6703 6704 7ff6080737c0 79 API calls 6703->6704 6705 7ff608071789 6704->6705 6706 7ff608079800 _log10_special 8 API calls 6705->6706 6707 7ff608071796 6706->6707 6707->6528 6709 7ff608071892 6708->6709 6710 7ff608071906 6709->6710 6783 7ff608072d40 6709->6783 6710->6530 6713 7ff608071c10 8 API calls 6712->6713 6714 7ff60807193f 6713->6714 6787 7ff608071c60 6714->6787 6716 7ff608071957 6717 7ff608071c60 79 API calls 6716->6717 6718 7ff608071986 6717->6718 6719 7ff608071260 6718->6719 6720 7ff6080716d0 59 API calls 6718->6720 6719->6532 6719->6535 6720->6719 6722 7ff608071a00 59 
API calls 6721->6722 6723 7ff608071288 6722->6723 6723->6537 6725 7ff6080737ef 6724->6725 6726 7ff60807385f 6725->6726 6732 7ff6080738d0 6725->6732 6726->6695 6749 7ff608073ad0 6732->6749 6735 7ff6080738fc 6753 7ff608073b60 6735->6753 6739 7ff608073920 6740 7ff608073953 6739->6740 6762 7ff608073a20 6740->6762 6743 7ff608079800 _log10_special 8 API calls 6744 7ff608073844 6743->6744 6745 7ff6080739e0 6744->6745 6746 7ff6080739fc 6745->6746 6747 7ff6080739f4 6745->6747 6746->6726 6766 7ff608071a00 6747->6766 6750 7ff608073af3 6749->6750 6751 7ff608079800 _log10_special 8 API calls 6750->6751 6752 7ff6080738f2 6751->6752 6752->6735 6759 7ff608073b40 6752->6759 6754 7ff608073bb2 6753->6754 6755 7ff608072610 79 API calls 6754->6755 6756 7ff608073bbf 6755->6756 6757 7ff608079800 _log10_special 8 API calls 6756->6757 6758 7ff608073822 6757->6758 6758->6739 6760 7ff608074cdc std::_Xinvalid_argument 61 API calls 6759->6760 6761 7ff608073b50 6760->6761 6763 7ff608073a4c __GSHandlerCheck_EH 6762->6763 6764 7ff608079800 _log10_special 8 API calls 6763->6764 6765 7ff60807399e 6764->6765 6765->6743 6768 7ff608071a17 6766->6768 6767 7ff608071a9b 6767->6746 6768->6767 6769 7ff608071b20 59 API calls 6768->6769 6769->6767 6771 7ff608072360 8 API calls 6770->6771 6772 7ff608073d9b 6771->6772 6773 7ff608072400 61 API calls 6772->6773 6774 7ff608073da5 6772->6774 6773->6774 6775 7ff608072360 8 API calls 6774->6775 6780 7ff608073dd5 6774->6780 6776 7ff608073e34 6775->6776 6777 7ff608072ac0 8 API calls 6776->6777 6778 7ff608073e46 6777->6778 6779 7ff608072460 79 API calls 6778->6779 6779->6780 6781 7ff608079800 _log10_special 8 API calls 6780->6781 6782 7ff608071172 6781->6782 6782->6517 6784 7ff608072d72 6783->6784 6785 7ff608079800 _log10_special 8 API calls 6784->6785 6786 7ff608072dc2 6785->6786 6786->6709 6788 7ff608071c81 6787->6788 6789 7ff608071c92 6788->6789 6790 7ff608071ca1 6788->6790 6800 7ff608071fc0 6789->6800 6794 7ff608072020 6790->6794 6793 7ff608071c9f 6793->6716 6795 
7ff6080720c0 6794->6795 6797 7ff608072064 6794->6797 6804 7ff608072190 6795->6804 6798 7ff608079800 _log10_special 8 API calls 6797->6798 6799 7ff6080720f1 6798->6799 6799->6793 6801 7ff608071ff5 6800->6801 6802 7ff608079800 _log10_special 8 API calls 6801->6802 6803 7ff608072014 6802->6803 6803->6793 6805 7ff608072360 8 API calls 6804->6805 6807 7ff6080721e8 6805->6807 6806 7ff6080721f9 6809 7ff608072420 8 API calls 6806->6809 6807->6806 6808 7ff608072400 61 API calls 6807->6808 6808->6806 6810 7ff608072223 6809->6810 6811 7ff608072460 79 API calls 6810->6811 6812 7ff60807224a 6811->6812 6813 7ff6080722fc 6812->6813 6814 7ff608072295 6812->6814 6815 7ff6080724c0 8 API calls 6813->6815 6822 7ff6080724c0 6814->6822 6821 7ff6080722ea 6815->6821 6818 7ff608079800 _log10_special 8 API calls 6820 7ff608072342 6818->6820 6819 7ff608072560 59 API calls 6819->6821 6820->6797 6821->6818 6823 7ff608072502 6822->6823 6824 7ff608079800 _log10_special 8 API calls 6823->6824 6825 7ff6080722d6 6824->6825 6825->6819 6827 7ff60807404a 6826->6827 6828 7ff608079800 _log10_special 8 API calls 6827->6828 6829 7ff608071490 6828->6829 6829->6552 6831 7ff608073c6d 6830->6831 6832 7ff608072560 59 API calls 6831->6832 6833 7ff608073c7b 6831->6833 6832->6833 6834 7ff608079800 _log10_special 8 API calls 6833->6834 6835 7ff608073cea 6834->6835 6835->6558 6836->6565 6837->6567 6838->6569 6839->6569 6840->6573 6861 7ff608079dd8 EnterCriticalSection 6841->6861 6843 7ff608076a08 6844 7ff608076920 __FrameHandler3::FrameUnwindToEmptyState 11 API calls 6843->6844 6845 7ff608076a11 6844->6845 6846 7ff608079df4 Concurrency::details::SchedulerProxy::DeleteThis LeaveCriticalSection 6845->6846 6847 7ff608076903 6846->6847 6847->6012 6848 7ff608076824 6847->6848 6862 7ff608076800 6848->6862 6850 7ff608076831 6851 7ff608076846 6850->6851 6852 7ff608076835 GetCurrentProcess TerminateProcess 6850->6852 6853 7ff608076790 __FrameHandler3::FrameUnwindToEmptyState 3 API calls 6851->6853 6852->6851 6854 
7ff60807684d ExitProcess 6853->6854 6856 7ff6080767ed 6855->6856 6857 7ff6080767c4 GetProcAddress 6855->6857 6859 7ff6080767f9 6856->6859 6860 7ff6080767f2 FreeLibrary 6856->6860 6858 7ff6080767d6 6857->6858 6858->6856 6859->6009 6860->6859 6865 7ff60807bcbc 6862->6865 6864 7ff608076809 __FrameHandler3::FrameUnwindToEmptyState 6864->6850 6866 7ff60807bccd __FrameHandler3::FrameUnwindToEmptyState 6865->6866 6867 7ff60807bcdb 6866->6867 6869 7ff608079b44 6866->6869 6867->6864 6872 7ff608079b9c 6869->6872 6878 7ff608079b6c 6872->6878 6880 7ff608079bf4 __vcrt_FlsAlloc 6872->6880 6873 7ff608079c29 LoadLibraryExW 6875 7ff608079cfe 6873->6875 6876 7ff608079c4e GetLastError 6873->6876 6874 7ff608079d1e GetProcAddress 6874->6878 6879 7ff608079d2f 6874->6879 6875->6874 6877 7ff608079d15 FreeLibrary 6875->6877 6876->6880 6877->6874 6878->6867 6879->6878 6880->6873 6880->6874 6880->6878 6881 7ff608079c88 LoadLibraryExW 6880->6881 6881->6875 6881->6880 6883 7ff608079e98 __FrameHandler3::FrameUnwindToEmptyState 59 API calls 6882->6883 6884 7ff608077e31 6883->6884 6885 7ff608077fcc __FrameHandler3::FrameUnwindToEmptyState 59 API calls 6884->6885 6886 7ff608077e51 6885->6886 6888 7ff60807664c 6887->6888 6891 7ff608076662 6887->6891 6889 7ff60807665b 6888->6889 6892 7ff60807b7ac 6888->6892 6889->6039 6891->6039 6893 7ff60807b914 6892->6893 6895 7ff60807ba10 6893->6895 6902 7ff608079dd8 EnterCriticalSection 6895->6902 7723 7ff6080784bc 7724 7ff608078090 _CreateFrameInfo 68 API calls 7723->7724 7725 7ff6080784f1 7724->7725 7726 7ff608078090 _CreateFrameInfo 68 API calls 7725->7726 7727 7ff6080784ff __except_validate_context_record 7726->7727 7728 7ff608078090 _CreateFrameInfo 68 API calls 7727->7728 7729 7ff608078543 7728->7729 7730 7ff608078090 _CreateFrameInfo 68 API calls 7729->7730 7731 7ff60807854c 7730->7731 7732 7ff608078090 _CreateFrameInfo 68 API calls 7731->7732 7733 7ff608078555 7732->7733 7746 7ff6080760f4 7733->7746 7736 7ff608078090 _CreateFrameInfo 68 API calls 7737 
7ff608078585 __CxxCallCatchBlock 7736->7737 7738 7ff608076130 __CxxCallCatchBlock 68 API calls 7737->7738 7742 7ff608078636 7738->7742 7739 7ff60807865f __CxxCallCatchBlock 7740 7ff608078090 _CreateFrameInfo 68 API calls 7739->7740 7741 7ff608078672 7740->7741 7743 7ff608078090 _CreateFrameInfo 68 API calls 7741->7743 7742->7739 7744 7ff6080762e0 __CxxCallCatchBlock 68 API calls 7742->7744 7745 7ff60807867b 7743->7745 7744->7739 7747 7ff608078090 _CreateFrameInfo 68 API calls 7746->7747 7748 7ff608076105 7747->7748 7749 7ff608076110 7748->7749 7750 7ff608078090 _CreateFrameInfo 68 API calls 7748->7750 7751 7ff608078090 _CreateFrameInfo 68 API calls 7749->7751 7750->7749 7752 7ff608076121 7751->7752 7752->7736 7752->7737 7228 7ff608080fbb 7229 7ff608080ffb 7228->7229 7230 7ff608081260 7228->7230 7229->7230 7232 7ff60808102f 7229->7232 7233 7ff608081242 7229->7233 7231 7ff608081256 7230->7231 7235 7ff6080818d8 _log10_special 19 API calls 7230->7235 7236 7ff6080818d8 7233->7236 7235->7231 7239 7ff608081840 7236->7239 7240 7ff60808185a 7239->7240 7241 7ff6080818c9 7240->7241 7243 7ff60808169c 7240->7243 7241->7231 7244 7ff6080816dc _raise_exc _log10_special 7243->7244 7245 7ff608081785 7244->7245 7246 7ff608081755 7244->7246 7256 7ff608081960 7245->7256 7252 7ff608081578 7246->7252 7249 7ff608081783 _log10_special 7250 7ff608079800 _log10_special 8 API calls 7249->7250 7251 7ff6080817ad 7250->7251 7251->7241 7253 7ff6080815bc _log10_special 7252->7253 7254 7ff6080815d1 7253->7254 7255 7ff608081960 _log10_special 11 API calls 7253->7255 7254->7249 7255->7254 7257 7ff608081969 7256->7257 7258 7ff608081980 7256->7258 7260 7ff60807c11c _set_fmode 11 API calls 7257->7260 7261 7ff608081978 7257->7261 7259 7ff60807c11c _set_fmode 11 API calls 7258->7259 7259->7261 7260->7261 7261->7249 7624 7ff608079e38 FlsAlloc 7625 7ff608079e57 7624->7625 7626 7ff608079e53 7624->7626 7627 7ff60807a010 _set_fmode 11 API calls 7625->7627 7628 7ff608079e5c 7627->7628 7628->7626 7630 
7ff608079e74 7628->7630 7631 7ff608079e83 FlsFree 7630->7631 7632 7ff608079e8f 7630->7632 7631->7632 7632->7626 7262 7ff6080785b6 7263 7ff608078090 _CreateFrameInfo 68 API calls 7262->7263 7265 7ff6080785c3 __CxxCallCatchBlock 7263->7265 7264 7ff608078607 RaiseException 7266 7ff60807862e 7264->7266 7265->7264 7275 7ff608076130 7266->7275 7268 7ff608078090 _CreateFrameInfo 68 API calls 7269 7ff608078672 7268->7269 7271 7ff608078090 _CreateFrameInfo 68 API calls 7269->7271 7273 7ff60807867b 7271->7273 7274 7ff60807865f __CxxCallCatchBlock 7274->7268 7276 7ff608078090 _CreateFrameInfo 68 API calls 7275->7276 7277 7ff608076142 7276->7277 7278 7ff60807617d 7277->7278 7280 7ff608078090 _CreateFrameInfo 68 API calls 7277->7280 7279 7ff608077fcc __FrameHandler3::FrameUnwindToEmptyState 59 API calls 7278->7279 7281 7ff608076182 7279->7281 7282 7ff60807614d 7280->7282 7282->7278 7283 7ff608076169 7282->7283 7284 7ff608078090 _CreateFrameInfo 68 API calls 7283->7284 7285 7ff60807616e 7284->7285 7285->7274 7286 7ff6080762e0 7285->7286 7287 7ff608078090 _CreateFrameInfo 68 API calls 7286->7287 7288 7ff6080762ee 7287->7288 7288->7274 7753 7ff6080712c0 7754 7ff6080716d0 59 API calls 7753->7754 7755 7ff6080712e0 7754->7755 7633 7ff608082840 7636 7ff608077b4c 7633->7636 7637 7ff60807a010 _set_fmode 11 API calls 7636->7637 7638 7ff608077b6a 7637->7638 7639 7ff608082a75 7640 7ff608076130 __CxxCallCatchBlock 68 API calls 7639->7640 7643 7ff608082a88 7640->7643 7641 7ff608082ac7 __CxxCallCatchBlock 7642 7ff608078090 _CreateFrameInfo 68 API calls 7641->7642 7644 7ff608082adb 7642->7644 7643->7641 7647 7ff6080762e0 __CxxCallCatchBlock 68 API calls 7643->7647 7645 7ff608078090 _CreateFrameInfo 68 API calls 7644->7645 7646 7ff608082aeb 7645->7646 7647->7641 7289 7ff6080809f3 7292 7ff608080a78 7289->7292 7290 7ff608079800 _log10_special 8 API calls 7291 7ff608080c3a 7290->7291 7292->7290 7052 7ff608079d58 7053 7ff608079d60 7052->7053 7055 7ff608079d91 7053->7055 7056 7ff608079d8d 7053->7056 
7058 7ff608079988 7053->7058 7063 7ff608079da0 7055->7063 7059 7ff608079b9c __FrameHandler3::FrameUnwindToEmptyState 5 API calls 7058->7059 7060 7ff6080799be 7059->7060 7061 7ff6080799dd InitializeCriticalSectionAndSpinCount 7060->7061 7062 7ff6080799c3 7060->7062 7061->7062 7062->7053 7064 7ff608079dcb 7063->7064 7065 7ff608079dcf 7064->7065 7066 7ff608079dae DeleteCriticalSection 7064->7066 7065->7056 7066->7064 7648 7ff608075064 7649 7ff608075468 GetModuleHandleW 7648->7649 7650 7ff60807506b 7649->7650 7651 7ff6080750a5 7650->7651 7652 7ff60807506f 7650->7652 7654 7ff60807671c __FrameHandler3::FrameUnwindToEmptyState 23 API calls 7651->7654 7653 7ff60807507b 7652->7653 7657 7ff608076738 7652->7657 7656 7ff6080750ac 7654->7656 7658 7ff608076858 7657->7658 7659 7ff60807687d GetModuleHandleW 7658->7659 7660 7ff6080768c7 7658->7660 7659->7660 7666 7ff60807688a 7659->7666 7661 7ff6080769ec __FrameHandler3::FrameUnwindToEmptyState 11 API calls 7660->7661 7662 7ff608076903 7661->7662 7663 7ff60807690a 7662->7663 7664 7ff608076824 __FrameHandler3::FrameUnwindToEmptyState 11 API calls 7662->7664 7663->7653 7665 7ff60807691c 7664->7665 7666->7660 7667 7ff608076790 __FrameHandler3::FrameUnwindToEmptyState 3 API calls 7666->7667 7667->7660 7067 7ff608080d60 7068 7ff608080d77 7067->7068 7069 7ff608080d71 CloseHandle 7067->7069 7069->7068 7768 7ff60807bb0c 7769 7ff60807bb36 7768->7769 7770 7ff60807c1c8 _set_fmode 11 API calls 7769->7770 7771 7ff60807bb55 7770->7771 7772 7ff60807b380 __free_lconv_mon 11 API calls 7771->7772 7773 7ff60807bb63 7772->7773 7774 7ff60807bb8d 7773->7774 7775 7ff60807c1c8 _set_fmode 11 API calls 7773->7775 7777 7ff608079988 6 API calls 7774->7777 7779 7ff60807bb96 7774->7779 7776 7ff60807bb7f 7775->7776 7778 7ff60807b380 __free_lconv_mon 11 API calls 7776->7778 7777->7774 7778->7774 7070 7ff60807df88 7071 7ff60807a7cc 64 API calls 7070->7071 7072 7ff60807df91 7071->7072 7073 7ff608076590 7074 7ff6080765c1 7073->7074 7075 7ff6080765a9 7073->7075 
7075->7074 7076 7ff60807b380 __free_lconv_mon 11 API calls 7075->7076 7076->7074 7780 7ff608082b11 7781 7ff608078090 _CreateFrameInfo 68 API calls 7780->7781 7782 7ff608082b1f 7781->7782 7783 7ff608082b2a 7782->7783 7784 7ff608078090 _CreateFrameInfo 68 API calls 7782->7784 7784->7783 7302 7ff608079e10 GetProcessHeap 7303 7ff608080610 7304 7ff608080648 __GSHandlerCheckCommon 7303->7304 7305 7ff608080674 7304->7305 7307 7ff608076184 7304->7307 7308 7ff608078090 _CreateFrameInfo 68 API calls 7307->7308 7309 7ff6080761ae 7308->7309 7310 7ff608078090 _CreateFrameInfo 68 API calls 7309->7310 7311 7ff6080761bb 7310->7311 7312 7ff608078090 _CreateFrameInfo 68 API calls 7311->7312 7313 7ff6080761c4 7312->7313 7316 7ff60807891c 7313->7316 7317 7ff608078d24 __except_validate_context_record 7316->7317 7318 7ff608078090 _CreateFrameInfo 68 API calls 7317->7318 7319 7ff608078d56 7318->7319 7321 7ff608078db0 7319->7321 7323 7ff608078e3e 7319->7323 7337 7ff6080761f5 7319->7337 7320 7ff608078e2b 7362 7ff608075d30 7320->7362 7321->7320 7325 7ff608078e09 7321->7325 7326 7ff608078dd2 7321->7326 7321->7337 7329 7ff608078e5d 7323->7329 7371 7ff60807609c 7323->7371 7325->7320 7328 7ff608078de1 7325->7328 7339 7ff608078194 7326->7339 7331 7ff608078f55 7328->7331 7333 7ff608078df3 7328->7333 7334 7ff608078eac 7329->7334 7329->7337 7374 7ff6080760c8 7329->7374 7335 7ff608077fcc __FrameHandler3::FrameUnwindToEmptyState 59 API calls 7331->7335 7345 7ff608078298 7333->7345 7334->7337 7377 7ff608078f5c 7334->7377 7336 7ff608078f5a 7335->7336 7337->7305 7340 7ff6080781f4 7339->7340 7341 7ff608077fcc __FrameHandler3::FrameUnwindToEmptyState 59 API calls 7340->7341 7342 7ff6080781f9 7341->7342 7343 7ff60807821e 7342->7343 7344 7ff608078194 __GSHandlerCheck_EH 59 API calls 7342->7344 7343->7328 7344->7343 7346 7ff60807609c Is_bad_exception_allowed 68 API calls 7345->7346 7347 7ff6080782c7 __GetCurrentState 7346->7347 7348 7ff608078090 _CreateFrameInfo 68 API calls 7347->7348 7357 7ff6080782e4 
__CxxCallCatchBlock __FrameHandler3::GetHandlerSearchState 7348->7357 7349 7ff6080783db 7350 7ff608078090 _CreateFrameInfo 68 API calls 7349->7350 7351 7ff6080783e0 7350->7351 7355 7ff6080783eb 7351->7355 7356 7ff608078090 _CreateFrameInfo 68 API calls 7351->7356 7352 7ff608078416 7353 7ff608077fcc __FrameHandler3::FrameUnwindToEmptyState 59 API calls 7352->7353 7353->7355 7354 7ff6080783f8 __FrameHandler3::GetHandlerSearchState 7354->7337 7355->7354 7358 7ff608077fcc __FrameHandler3::FrameUnwindToEmptyState 59 API calls 7355->7358 7356->7355 7357->7349 7357->7352 7360 7ff60807609c 68 API calls Is_bad_exception_allowed 7357->7360 7361 7ff6080760b0 __FrameHandler3::FrameUnwindToEmptyState 68 API calls 7357->7361 7359 7ff608078421 7358->7359 7360->7357 7361->7357 7439 7ff608075d94 7362->7439 7369 7ff608078298 __FrameHandler3::FrameUnwindToEmptyState 69 API calls 7370 7ff608075d84 7369->7370 7370->7337 7372 7ff608078090 _CreateFrameInfo 68 API calls 7371->7372 7373 7ff6080760a5 7372->7373 7373->7329 7375 7ff608078090 _CreateFrameInfo 68 API calls 7374->7375 7376 7ff6080760d1 7375->7376 7376->7334 7454 7ff608078424 7377->7454 7379 7ff608077fcc __FrameHandler3::FrameUnwindToEmptyState 59 API calls 7380 7ff60807942a 7379->7380 7381 7ff608079375 7418 7ff608079424 7381->7418 7425 7ff608079373 7381->7425 7519 7ff608079500 7381->7519 7382 7ff6080790a3 7382->7381 7383 7ff6080790db 7382->7383 7386 7ff6080792a5 7383->7386 7482 7ff608075f68 7383->7482 7385 7ff608078090 _CreateFrameInfo 68 API calls 7389 7ff6080793b7 7385->7389 7393 7ff6080792c2 7386->7393 7396 7ff60807609c Is_bad_exception_allowed 68 API calls 7386->7396 7386->7425 7387 7ff608078090 _CreateFrameInfo 68 API calls 7391 7ff60807900a 7387->7391 7392 7ff6080793be 7389->7392 7389->7418 7391->7392 7397 7ff608078090 _CreateFrameInfo 68 API calls 7391->7397 7395 7ff608079800 _log10_special 8 API calls 7392->7395 7401 7ff6080792e4 7393->7401 7393->7425 7511 7ff608075d04 7393->7511 7394 7ff608079107 7394->7386 7422 
7ff6080760c8 68 API calls __GSHandlerCheck_EH 7394->7422 7488 7ff608078924 7394->7488 7502 7ff60807942c 7394->7502 7398 7ff6080793ca 7395->7398 7396->7393 7400 7ff60807901a 7397->7400 7398->7337 7402 7ff608078090 _CreateFrameInfo 68 API calls 7400->7402 7403 7ff6080792fa 7401->7403 7401->7425 7436 7ff608079407 7401->7436 7404 7ff608079023 7402->7404 7405 7ff608079305 7403->7405 7408 7ff60807609c Is_bad_exception_allowed 68 API calls 7403->7408 7466 7ff6080760dc 7404->7466 7412 7ff6080787a4 __GSHandlerCheck_EH 68 API calls 7405->7412 7406 7ff608078090 _CreateFrameInfo 68 API calls 7409 7ff60807940d 7406->7409 7408->7405 7410 7ff608078090 _CreateFrameInfo 68 API calls 7409->7410 7415 7ff608079416 7410->7415 7413 7ff60807931b 7412->7413 7419 7ff608075d94 __FrameHandler3::GetHandlerSearchState 60 API calls 7413->7419 7413->7425 7414 7ff608078090 _CreateFrameInfo 68 API calls 7416 7ff608079065 7414->7416 7417 7ff608077e28 __GSHandlerCheck_EH 59 API calls 7415->7417 7416->7382 7421 7ff608078090 _CreateFrameInfo 68 API calls 7416->7421 7417->7418 7418->7379 7420 7ff608079335 7419->7420 7516 7ff608075e64 RtlUnwindEx 7420->7516 7424 7ff608079071 7421->7424 7422->7394 7426 7ff608078090 _CreateFrameInfo 68 API calls 7424->7426 7425->7385 7428 7ff60807907a 7426->7428 7469 7ff6080787a4 7428->7469 7432 7ff60807908e 7478 7ff608078894 7432->7478 7434 7ff608079401 7435 7ff608077e28 __GSHandlerCheck_EH 59 API calls 7434->7435 7435->7436 7436->7406 7437 7ff608079096 __CxxCallCatchBlock std::bad_alloc::bad_alloc 7437->7434 7438 7ff6080759e0 Concurrency::cancel_current_task 2 API calls 7437->7438 7438->7434 7440 7ff60807818c __FrameHandler3::GetHandlerSearchState 59 API calls 7439->7440 7442 7ff608075dc2 7440->7442 7441 7ff608075dec RtlLookupFunctionEntry 7441->7442 7442->7441 7443 7ff608075d4f 7442->7443 7444 7ff60807818c 7443->7444 7445 7ff608078194 7444->7445 7446 7ff608077fcc __FrameHandler3::FrameUnwindToEmptyState 59 API calls 7445->7446 7447 7ff6080781f9 7446->7447 7448 
7ff608075d5d 7447->7448 7449 7ff608078194 __GSHandlerCheck_EH 59 API calls 7447->7449 7450 7ff608075ca0 7448->7450 7449->7448 7451 7ff608075ceb 7450->7451 7453 7ff608075cc0 7450->7453 7451->7369 7452 7ff608078090 _CreateFrameInfo 68 API calls 7452->7453 7453->7451 7453->7452 7455 7ff60807818c __FrameHandler3::GetHandlerSearchState 59 API calls 7454->7455 7456 7ff608078449 7455->7456 7457 7ff608075d94 __FrameHandler3::GetHandlerSearchState 60 API calls 7456->7457 7458 7ff60807845e 7457->7458 7537 7ff60807826c 7458->7537 7461 7ff608078493 7463 7ff60807826c __GetUnwindTryBlock 60 API calls 7461->7463 7462 7ff608078470 __FrameHandler3::GetHandlerSearchState 7540 7ff608078230 7462->7540 7465 7ff608078491 7463->7465 7465->7382 7465->7387 7465->7418 7467 7ff608078090 _CreateFrameInfo 68 API calls 7466->7467 7468 7ff6080760ea 7467->7468 7468->7414 7468->7418 7470 7ff60807888b 7469->7470 7475 7ff6080787cf 7469->7475 7472 7ff608077fcc __FrameHandler3::FrameUnwindToEmptyState 59 API calls 7470->7472 7471 7ff60807886b 7471->7382 7471->7432 7474 7ff608078890 7472->7474 7473 7ff6080760c8 68 API calls __GSHandlerCheck_EH 7473->7475 7475->7471 7475->7473 7476 7ff60807609c Is_bad_exception_allowed 68 API calls 7475->7476 7477 7ff608078924 __GSHandlerCheck_EH 68 API calls 7475->7477 7476->7475 7477->7475 7479 7ff608078901 7478->7479 7480 7ff6080788b1 Is_bad_exception_allowed 7478->7480 7479->7437 7480->7479 7481 7ff60807609c 68 API calls Is_bad_exception_allowed 7480->7481 7481->7480 7483 7ff60807818c __FrameHandler3::GetHandlerSearchState 59 API calls 7482->7483 7484 7ff608075fa6 7483->7484 7485 7ff608075fb4 7484->7485 7486 7ff608077fcc __FrameHandler3::FrameUnwindToEmptyState 59 API calls 7484->7486 7485->7394 7487 7ff608076098 7486->7487 7489 7ff6080789e0 7488->7489 7490 7ff608078951 7488->7490 7489->7394 7491 7ff60807609c Is_bad_exception_allowed 68 API calls 7490->7491 7492 7ff60807895a 7491->7492 7492->7489 7493 7ff60807609c Is_bad_exception_allowed 68 API calls 7492->7493 

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF608079B6C,?,?,00000000,00007FF60807BCDB,?,?,00000003,00007FF608076809), ref: 00007FF608079D18
                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF608079B6C,?,?,00000000,00007FF60807BCDB,?,?,00000003,00007FF608076809), ref: 00007FF608079D24
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: AddressFreeLibraryProc
                                                                  • String ID: MZx$api-ms-$ext-ms-
                                                                  • API String ID: 3013587201-2431898299
                                                                  • Opcode ID: 22012f02682711b3799a961ab12125ad5bd7006ea3965d99f2077911abd80764
                                                                  • Instruction ID: 6fd1967041e5f9ac08e2058ea3befd94d2f68fe26977aff1880d968d81d546cd
                                                                  • Opcode Fuzzy Hash: 22012f02682711b3799a961ab12125ad5bd7006ea3965d99f2077911abd80764
                                                                  • Instruction Fuzzy Hash: EE41DE22F19A0281FB1ACB36981467527D6BF88BA0F294535DD0ECB7C5EE3CE445830C

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: CreateFileModuleNameProcess
                                                                  • String ID: @$U$h
                                                                  • API String ID: 2157755880-1769436074
                                                                  • Opcode ID: ac2049599329be2e5e576ae922c25a86fa67dca48e68f9b77c98ef5ba77e9d5b
                                                                  • Instruction ID: 73dede853b80022d941c14f30a05cf942b3246729e164447ce475acf2b1ecb3c
                                                                  • Opcode Fuzzy Hash: ac2049599329be2e5e576ae922c25a86fa67dca48e68f9b77c98ef5ba77e9d5b
                                                                  • Instruction Fuzzy Hash: 79711F76A08BC5C1DA60CB55F4503AEB760FBC9B94F504026EA8E87BA9DF7CD045CB08

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                  • String ID: MZx
                                                                  • API String ID: 3251591375-2575928145
                                                                  • Opcode ID: fc8042bb87e420838d7706c2e1d2f26ac8af05287a7a71abb2327b768e75cc79
                                                                  • Instruction ID: 4852bfc57493b9c88f5f52196063ede76c6124c191b5d30b4d06b300dbf818c5
                                                                  • Opcode Fuzzy Hash: fc8042bb87e420838d7706c2e1d2f26ac8af05287a7a71abb2327b768e75cc79
                                                                  • Instruction Fuzzy Hash: 93315D31E0C64786FA24EB7498623F92291AF81385F785435EA0FCB2D3DE6DB404C29D

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: String
                                                                  • String ID: LCMapStringEx
                                                                  • API String ID: 2568140703-3893581201
                                                                  • Opcode ID: f9633275d9ee9d3b20b8a7fa8d609a387c4e2dab78c2b7ebc5d766684dffdc6a
                                                                  • Instruction ID: e17b43c67dfeba3dc1d9c9903a3a997c5c73d93936d87dea0d6394c113bdd202
                                                                  • Opcode Fuzzy Hash: f9633275d9ee9d3b20b8a7fa8d609a387c4e2dab78c2b7ebc5d766684dffdc6a
                                                                  • Instruction Fuzzy Hash: 96212C35A08B8186DB64CB66F44029AB7A4FBC8BD0F544136EACD83B59DF3CD5408B48

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Similarity
                                                                  • API ID: Process$CurrentExitTerminate
                                                                  • String ID:
                                                                  • API String ID: 1703294689-0
                                                                  • Opcode ID: d1b5e31b8130739252ba024cd7ee30c115cd396cc8feb26cc4374d0b0c240fe4
                                                                  • Instruction ID: 22183113ec345f411b6ec89994c3033fd47471348cc6f5ac6a6c8ec0bfd9796e
                                                                  • Opcode Fuzzy Hash: d1b5e31b8130739252ba024cd7ee30c115cd396cc8feb26cc4374d0b0c240fe4
                                                                  • Instruction Fuzzy Hash: 6FD05E50F08B0382FA48AFB0188507842511F98721F341838C82FD63E3EE6DA44C820C

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: Info
                                                                  • String ID:
                                                                  • API String ID: 1807457897-3916222277
                                                                  • Opcode ID: 741c4182e17423b6762c14ee47741467d08430751a7f72457cdc24d02ab79553
                                                                  • Instruction ID: 3a9a51557edccb6b0bc99d5333e0254e0eae564dc57aed43f41978b54cc2c99a
                                                                  • Opcode Fuzzy Hash: 741c4182e17423b6762c14ee47741467d08430751a7f72457cdc24d02ab79553
                                                                  • Instruction Fuzzy Hash: F7517C72A182C18AE721CF34E0947AE7BA0F749754FA4413AD78E83A86CF7CD555CB48

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Similarity
                                                                  • API ID: CodeInfoPageValid
                                                                  • String ID:
                                                                  • API String ID: 546120528-0
                                                                  • Opcode ID: 2dc6afea859580e6037be6593a21ed62edb713420741d641145777749c96bdf2
                                                                  • Instruction ID: 22ba650b51578bd1e1dd5ce3aa9ff80ae5bbd1b0b24cfb3d8b50402ad1480f13
                                                                  • Opcode Fuzzy Hash: 2dc6afea859580e6037be6593a21ed62edb713420741d641145777749c96bdf2
                                                                  • Instruction Fuzzy Hash: 3381AB62F086A2A6FB64CF39A05417DB6A2EB44780F694036C68F876D1DF7DE941C30C

                                                                  Control-flow Graph

                                                                  APIs
                                                                    • Part of subcall function 00007FF6080759E0: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF608074E57), ref: 00007FF608075A30
                                                                    • Part of subcall function 00007FF6080759E0: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF608074E57), ref: 00007FF608075A71
                                                                  • _set_fmode.LIBCMT ref: 00007FF608074E6F
                                                                  • _RTC_Initialize.LIBCMT ref: 00007FF608074E90
                                                                    • Part of subcall function 00007FF608076BBC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF608076BEE
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: ExceptionFileHeaderInitializeRaise_invalid_parameter_noinfo_set_fmode
                                                                  • String ID:
                                                                  • API String ID: 2451193124-0
                                                                  • Opcode ID: f3c0430470f07399e506a1be3701e989bbb1d8738ebd37febbeea140212f0efb
                                                                  • Instruction ID: d12c9f389a1c1d48f87a5673c309d246f76bc5c55707d575eb65962ea00950eb
                                                                  • Opcode Fuzzy Hash: f3c0430470f07399e506a1be3701e989bbb1d8738ebd37febbeea140212f0efb
                                                                  • Instruction Fuzzy Hash: 1421E6A1E0D64386FA24F7B08D431FC11619FA4345FB00474E60FCA2E3DE9DB841866E

                                                                  Control-flow Graph

                                                                  APIs
                                                                  • RtlFreeHeap.NTDLL(?,?,?,00007FF60807BF8A,?,?,?,00007FF60807BE8B,?,?,00000000,00007FF60807C9A9,?,?,?,00007FF60807C8B3), ref: 00007FF60807B396
                                                                  • GetLastError.KERNEL32(?,?,?,00007FF60807BF8A,?,?,?,00007FF60807BE8B,?,?,00000000,00007FF60807C9A9,?,?,?,00007FF60807C8B3), ref: 00007FF60807B3A0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorFreeHeapLast
                                                                  • String ID:
                                                                  • API String ID: 485612231-0
                                                                  • Opcode ID: ee630889352ed936ae553ba63d3b4f6f14bc721ad53d24028daf506015ee0002
                                                                  • Instruction ID: 911bbac8a97a79ba5afc358512930cd0a63d6f19591853140610e0a1b66d43a4
                                                                  • Opcode Fuzzy Hash: ee630889352ed936ae553ba63d3b4f6f14bc721ad53d24028daf506015ee0002
                                                                  • Instruction Fuzzy Hash: 4AE0EC90F0970786FF18EBF258A607562519FC9B60F6C5434D90EC6292EE6C6895835C

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                  • String ID:
                                                                  • API String ID: 3947729631-0
                                                                  • Opcode ID: 883d2c84c99c049fafe14cfb7c78426d52a6edd162f08307a95ee2a3b685a9ec
                                                                  • Instruction ID: b638015034c6a768f57da8799cd79d3d23122679dd5c5e9650cb4f89906c1339
                                                                  • Opcode Fuzzy Hash: 883d2c84c99c049fafe14cfb7c78426d52a6edd162f08307a95ee2a3b685a9ec
                                                                  • Instruction Fuzzy Hash: 5D219172E04B418AFBA4CF74C4402AC37A0EB54318F244A35D62F86AC5EF39D548CB68

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  • Opcode ID: 01c91395c1916870b6ebb99eb882ff78e046b85d5793e410e623a649603b4a33
                                                                  • Instruction ID: 897910006a8d0e93605d773ac2f96f4ef01b17528585c44c1ce801c7817fec71
                                                                  • Opcode Fuzzy Hash: 01c91395c1916870b6ebb99eb882ff78e046b85d5793e410e623a649603b4a33
                                                                  • Instruction Fuzzy Hash: 2E112532E0869287F254EB24E44156977A5FF80740F690435EA9EC7BEADE7CF8108B4C

                                                                  Control-flow Graph

                                                                  control_flow_graph 418 7ff608074630-7ff6080746af CreateProcessA
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: CreateProcess
                                                                  • String ID:
                                                                  • API String ID: 963392458-0
                                                                  • Opcode ID: 55f193832a280cde99d3965d7a83e62b7f155f16e8e51956fffb024c732bc776
                                                                  • Instruction ID: 7b30cc0500f8453031a1840dc57498979298efb9088a73faa5a1a89e7d1f3412
                                                                  • Opcode Fuzzy Hash: 55f193832a280cde99d3965d7a83e62b7f155f16e8e51956fffb024c732bc776
                                                                  • Instruction Fuzzy Hash: A6F0BD76618B9482E310CB56F48070ABBA5F3C97A4F604519EBC887B28CBBDC1658F40

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                  • String ID:
                                                                  • API String ID: 3668304517-0
                                                                  • Opcode ID: c26739b86664f408db0c9997770f65723e3fc929f09927d10a92c6213d1838f9
                                                                  • Instruction ID: 9e531c5ba1523301a4ec6bde64e3e8747c596ede5149d7da51e87e742eb4c5b0
                                                                  • Opcode Fuzzy Hash: c26739b86664f408db0c9997770f65723e3fc929f09927d10a92c6213d1838f9
                                                                  • Instruction Fuzzy Hash: 65F01222E1DB8581D660DB14F58122EA3A1FF847A4F201231F69F82BE9CE3CD491CB0C

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                  • String ID:
                                                                  • API String ID: 680105476-0
                                                                  • Opcode ID: 931c02c4fcd203e15d47adf75942f4b0e5fe0fb3ee4ad08f730a2a0a270399f2
                                                                  • Instruction ID: f9cf21dfd3a0a6328973303bc52e85c0aa3bc19c0801e8c6b47fec3738cfc508
                                                                  • Opcode Fuzzy Hash: 931c02c4fcd203e15d47adf75942f4b0e5fe0fb3ee4ad08f730a2a0a270399f2
                                                                  • Instruction Fuzzy Hash: 70E01701E5990B45FEA9F6B214260B901800F597B0E3D1B30D97FC92C3AD1DB8A5855C
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProcessRead
                                                                  • String ID:
                                                                  • API String ID: 1726664587-0
                                                                  • Opcode ID: 590438e11f57b6ac7bad76fc945ab05e233fba6b9bcb9c07e7f5b99c2efd162e
                                                                  • Instruction ID: 0221021114ddaea0c4ffe1974c9edf93045fd49896d3c0adace5cb34323aaca5
                                                                  • Opcode Fuzzy Hash: 590438e11f57b6ac7bad76fc945ab05e233fba6b9bcb9c07e7f5b99c2efd162e
                                                                  • Instruction Fuzzy Hash: 5AF0FF36518B8482C6509B45F48170AB7B4F39A7A4F60511AFAC957B28CF7DC0648B00
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProcessWrite
                                                                  • String ID:
                                                                  • API String ID: 3559483778-0
                                                                  • Opcode ID: 9ea2c8076de443cf59f910db1f613f80aa3e07039da84784684faed62c920b0f
                                                                  • Instruction ID: f45c64e63f28e37489c5d7ebad486cc9da1a63c2bc0b070a7a6489e9c0f778f5
                                                                  • Opcode Fuzzy Hash: 9ea2c8076de443cf59f910db1f613f80aa3e07039da84784684faed62c920b0f
                                                                  • Instruction Fuzzy Hash: 2BF0FA3A518B8881C6609B45F48074AB7B4F79ABA4F645116EACD83B28DF79C1648B00
                                                                  APIs
                                                                  • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF608075224
                                                                    • Part of subcall function 00007FF6080764CC: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF6080764D4
                                                                    • Part of subcall function 00007FF6080764CC: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF6080764D9
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                  • String ID:
                                                                  • API String ID: 1208906642-0
                                                                  • Opcode ID: e9d6ae88fc6a71f53c5a11da52503330d916ee548e66a10f83e59118ebd616ce
                                                                  • Instruction ID: c91b126dd9251cf101dba1f425c48af5936c2e28713ab022f729cdd5ef71aab4
                                                                  • Opcode Fuzzy Hash: e9d6ae88fc6a71f53c5a11da52503330d916ee548e66a10f83e59118ebd616ce
                                                                  • Instruction Fuzzy Hash: 63E0BD35E0E68384FEA9FAB129022F902401F32344FB01078DA6FD22C39E0E244B162E
                                                                  APIs
                                                                  • HeapAlloc.KERNEL32(?,?,00000000,00007FF60807A072,?,?,?,00007FF60807C125,?,?,?,?,00007FF608077D08), ref: 00007FF60807C21D
                                                                  Similarity
                                                                  • API ID: AllocHeap
                                                                  • String ID:
                                                                  • API String ID: 4292702814-0
                                                                  • Opcode ID: 135306cfd6f981af923da4fe000d2c37e782639362960f7bd737ffabaa1f0f79
                                                                  • Instruction ID: e5ca26909aee0a3db7df4f34b05d2d3098b4c0129748c8e92acd24f64b81cef0
                                                                  • Opcode Fuzzy Hash: 135306cfd6f981af923da4fe000d2c37e782639362960f7bd737ffabaa1f0f79
                                                                  • Instruction Fuzzy Hash: D7F06D14F0930B85FE58D7F1A8212B553806F8AB90F7C5431CD0FC66D2EE5CE482821C
                                                                  APIs
                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF60807F389,?,?,00000000,00007FF60807D083,?,?,?,00007FF6080770BF,?,?,?,00007FF6080772FD), ref: 00007FF60807C27E
                                                                  Similarity
                                                                  • API ID: AllocHeap
                                                                  • String ID:
                                                                  • API String ID: 4292702814-0
                                                                  • Opcode ID: 81c4a1072c291bc039217ef3688a7505bcb60df8785fb09408a2d79300e577ee
                                                                  • Instruction ID: 6344f88d4511c38950fe9293d06110f1b255e3da413d18827482c93bfeb26182
                                                                  • Opcode Fuzzy Hash: 81c4a1072c291bc039217ef3688a7505bcb60df8785fb09408a2d79300e577ee
                                                                  • Instruction Fuzzy Hash: 9DF01C50F0970B85FE64D7F259512B55380AF85BA0F3C4634DD2FC62C2DE6CA442461C
                                                                  APIs
                                                                  Strings
                                                                  Similarity
                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                  • String ID: C:\Users\user\Desktop\soft 1.14.exe
                                                                  • API String ID: 2227656907-904005308
                                                                  • Opcode ID: e225d3fb6d4ae7c10b93392ed77da4608c0e544a1bff775a08a37f312803c6a9
                                                                  • Instruction ID: 1167d7c972a780e74cb4fa6c4d3175891b350d6bccdd9d2e9f33a75d32bd01fc
                                                                  • Opcode Fuzzy Hash: e225d3fb6d4ae7c10b93392ed77da4608c0e544a1bff775a08a37f312803c6a9
                                                                  • Instruction Fuzzy Hash: 6CB1C122F1868681FA60DB35E4042B96390EB85BE4F644131EE5F9BBC9DF3CE941830C
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                  • String ID:
                                                                  • API String ID: 3140674995-0
                                                                  • Opcode ID: 5f043ce2f24c5dd1fc7556dc09ed2e4de8428533f533a7f6f2f8a904c65be6c1
                                                                  • Instruction ID: 38427a7c1a0420ddc728c653dc84aacbf0127b154fced3301eac4846174c2634
                                                                  • Opcode Fuzzy Hash: 5f043ce2f24c5dd1fc7556dc09ed2e4de8428533f533a7f6f2f8a904c65be6c1
                                                                  • Instruction Fuzzy Hash: CE313C72A08B8286EB64CF70E8403EE7360FB84754F54443ADA4E87B95DF78D548C718
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                  • String ID:
                                                                  • API String ID: 1239891234-0
                                                                  • Opcode ID: 0682ff08e83aaada5c55492228567788b13ab54fda938eba02d557cdfddf4092
                                                                  • Instruction ID: f99f1d95540be6d023456db5bd76f61420b4e64eb7db584c11a696d88b4b2f8f
                                                                  • Opcode Fuzzy Hash: 0682ff08e83aaada5c55492228567788b13ab54fda938eba02d557cdfddf4092
                                                                  • Instruction Fuzzy Hash: A9318632A08F8186EB64CF75E8402AE73A0FB88794F640135EA9D87B95DF7CD545CB04
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                  • String ID:
                                                                  • API String ID: 2933794660-0
                                                                  • Opcode ID: 1ef9cfd6a28bfbf257edefedf7c8203de68038772214ee7f848650bd26ef0748
                                                                  • Instruction ID: aa8045bfd570cf42edd20c810431070e8ad32adfb0c7622d485ff57cfd20fb03
                                                                  • Opcode Fuzzy Hash: 1ef9cfd6a28bfbf257edefedf7c8203de68038772214ee7f848650bd26ef0748
                                                                  • Instruction Fuzzy Hash: 6A111C22B14B06CAEB00CBB0E8556A833A4F799768F580E31DA6DC77A4DFB8D1558344
                                                                  APIs
                                                                  Similarity
                                                                  • API ID: HeapProcess
                                                                  • String ID:
                                                                  • API String ID: 54951025-0
                                                                  • Opcode ID: 04e430f214420386c097ea80a3f65c29a15293500482715ba298f06b5bffda18
                                                                  • Instruction ID: 430b9f7fe041f4c4e464b55307b7c0d1a172e35144f91d0d9f09bf0e88032a15
                                                                  • Opcode Fuzzy Hash: 04e430f214420386c097ea80a3f65c29a15293500482715ba298f06b5bffda18
                                                                  • Instruction Fuzzy Hash: 17B09220E07B07C2EE4CABA16C8A21423A47F88B10FAC4038C00CC1320DEAC24A54704
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2493b7593c7a72a3c048878eaa47db4bf64ef86c7613569d36cef1db600bd04e
                                                                  • Instruction ID: 8340270c88e46fceeaee4401535da6801ab4f347eca235a49d8bcb4074e4607a
                                                                  • Opcode Fuzzy Hash: 2493b7593c7a72a3c048878eaa47db4bf64ef86c7613569d36cef1db600bd04e
                                                                  • Instruction Fuzzy Hash: 2D4284BA6086048AD764CF19D09151ABBF0F7CCBA8B194216EF8E83765DF39D582CF44
                                                                  Similarity
                                                                  • API ID: ErrorFreeHeapLast
                                                                  • String ID:
                                                                  • API String ID: 485612231-0
                                                                  • Opcode ID: e5e308dfeada57223cb931c0b5dfaffe289988bed981820dc51f875181d83110
                                                                  • Instruction ID: 242aabd5b35068f1c422712ba27c5da9ee6a91c02e107665d40ff4177f900bca
                                                                  • Opcode Fuzzy Hash: e5e308dfeada57223cb931c0b5dfaffe289988bed981820dc51f875181d83110
                                                                  • Instruction Fuzzy Hash: DD41D672B14A5585EF08CF7AD9145697391BB88FD4B299032DE0ED7B98DF3CD1428308
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 36e227a93ecbd0eaa87d54bff9a39891396378540c1ebb38e19a135996851a4b
                                                                  • Instruction ID: 1e14b3979a1de0a267a2a10ed5eb9d60c0fe4fc6fce33e9677e7f6f6750d887f
                                                                  • Opcode Fuzzy Hash: 36e227a93ecbd0eaa87d54bff9a39891396378540c1ebb38e19a135996851a4b
                                                                  • Instruction Fuzzy Hash: 48F01872B18755CBEB98CF79A84262977D0F748384F648039D58DC3B14DA7C9451CF18
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f3f9b99e833d81c9360031323baeb257995531fff9fb24a03fa220d7ef962a05
                                                                  • Instruction ID: 41e309b0d21e67041589f43ef3e3a9770ac4429950023669125d251b7eef9b65
                                                                  • Opcode Fuzzy Hash: f3f9b99e833d81c9360031323baeb257995531fff9fb24a03fa220d7ef962a05
                                                                  • Instruction Fuzzy Hash: 4CA00161918D0AD0E648CB60AC504796320AB90320BA44171C00EC20B09E6CA401820C
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Similarity
                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                  • String ID: csm$csm$csm
                                                                  • API String ID: 849930591-393685449
                                                                  APIs
                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF60807D5F1,?,?,00000000,00007FF608078034), ref: 00007FF60807D7E1
                                                                  • GetLastError.KERNEL32(?,?,?,00007FF60807D5F1,?,?,00000000,00007FF608078034), ref: 00007FF60807D7EF
                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF60807D5F1,?,?,00000000,00007FF608078034), ref: 00007FF60807D819
                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF60807D5F1,?,?,00000000,00007FF608078034), ref: 00007FF60807D887
                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF60807D5F1,?,?,00000000,00007FF608078034), ref: 00007FF60807D893
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                  • String ID: MZx$api-ms-
                                                                  • API String ID: 2559590344-259127448
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Value$ErrorLast
                                                                  • String ID:
                                                                  • API String ID: 2506987500-0
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Similarity
                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                  • String ID: CONOUT$
                                                                  • API String ID: 3230265001-3130406586
                                                                  APIs
                                                                  • GetLastError.KERNEL32(?,?,?,00007FF60807C125,?,?,?,?,00007FF608077D08,?,?,?,?,00007FF608074E74), ref: 00007FF60807A01F
                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF60807C125,?,?,?,?,00007FF608077D08,?,?,?,?,00007FF608074E74), ref: 00007FF60807A055
                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF60807C125,?,?,?,?,00007FF608077D08,?,?,?,?,00007FF608074E74), ref: 00007FF60807A082
                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF60807C125,?,?,?,?,00007FF608077D08,?,?,?,?,00007FF608074E74), ref: 00007FF60807A093
                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF60807C125,?,?,?,?,00007FF608077D08,?,?,?,?,00007FF608074E74), ref: 00007FF60807A0A4
                                                                  • SetLastError.KERNEL32(?,?,?,00007FF60807C125,?,?,?,?,00007FF608077D08,?,?,?,?,00007FF608074E74), ref: 00007FF60807A0BF
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Value$ErrorLast
                                                                  • String ID:
                                                                  • API String ID: 2506987500-0
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Similarity
                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                  • String ID: MZx
                                                                  • API String ID: 2718003287-2575928145
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Similarity
                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                  • API String ID: 4061214504-1276376045
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Similarity
                                                                  • API ID: _set_statfp
                                                                  • String ID:
                                                                  • API String ID: 1156100317-0
                                                                  APIs
                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF608077A3F,?,?,00000000,00007FF6080778EE,?,?,?,?,?,00007FF608077B02), ref: 00007FF60807A0F7
                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF608077A3F,?,?,00000000,00007FF6080778EE,?,?,?,?,?,00007FF608077B02), ref: 00007FF60807A116
                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF608077A3F,?,?,00000000,00007FF6080778EE,?,?,?,?,?,00007FF608077B02), ref: 00007FF60807A13E
                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF608077A3F,?,?,00000000,00007FF6080778EE,?,?,?,?,?,00007FF608077B02), ref: 00007FF60807A14F
                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF608077A3F,?,?,00000000,00007FF6080778EE,?,?,?,?,?,00007FF608077B02), ref: 00007FF60807A160
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Value
                                                                  • String ID:
                                                                  • API String ID: 3702945584-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Similarity
                                                                  • API ID: Value
                                                                  • String ID:
                                                                  • API String ID: 3702945584-0
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Similarity
                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                  • String ID: csm
                                                                  • API String ID: 2395640692-1018135373
                                                                  • Opcode ID: b8fdca9cded4bbb6aa06f1f5ade378c1037bc301aacae7e2f84c1045c81e75ca
                                                                  • Instruction ID: 959e9f52fb52e752eb25b30e6a35b0e2236ccf789e64bab6e5c85cfd625fdc21
                                                                  • Opcode Fuzzy Hash: b8fdca9cded4bbb6aa06f1f5ade378c1037bc301aacae7e2f84c1045c81e75ca
                                                                  • Instruction Fuzzy Hash: 93517E32E196028AEB14CF25E844BBD6391EB44B98F658535EA4B877C8DF7DE841870C
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                  • String ID: csm$csm
                                                                  • API String ID: 3896166516-3733052814
                                                                  • Opcode ID: dad56c49b405efa0f0b0dfcbe895a6a6fea9ee740eef188aff0589e1bfe89b6b
                                                                  • Instruction ID: 5c48bb9da7b32dab3b217d96e45d4b03e27200f8cfc54ea481ea232098eaff29
                                                                  • Opcode Fuzzy Hash: dad56c49b405efa0f0b0dfcbe895a6a6fea9ee740eef188aff0589e1bfe89b6b
                                                                  • Instruction Fuzzy Hash: A3615D32D086828AEB74CA25954837877A1FB59B94F248135DA9EC7BD5CF3CE890C70D
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: CallEncodePointerTranslator
                                                                  • String ID: MOC$RCC
                                                                  • API String ID: 3544855599-2084237596
                                                                  • Opcode ID: ba93ea01ede6b7901e4f1a42dd3188ba1bf94f5b48d2c5fd38b2079bf7c360a5
                                                                  • Instruction ID: 83df5bff2acae940f7ad6cba12498dbbf41047ee67c0ed67399fdefff9e6b455
                                                                  • Opcode Fuzzy Hash: ba93ea01ede6b7901e4f1a42dd3188ba1bf94f5b48d2c5fd38b2079bf7c360a5
                                                                  • Instruction Fuzzy Hash: B461A172D08BC581D760DF25E4407AABBA0FB85B84F144225EB9E47B99DF3CE191CB08
                                                                  APIs
                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF60807E4FB), ref: 00007FF60807E204
                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF60807E4FB), ref: 00007FF60807E28F
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: ConsoleErrorLastMode
                                                                  • String ID:
                                                                  • API String ID: 953036326-0
                                                                  • Opcode ID: 88b8c225d62e374fe023bc9d5a4caf48daae308facaf316e88f45816378adbdd
                                                                  • Instruction ID: 78f891f23ca4cf52c0c69f682c0cf395e543fa3e7f7f6b10fc385c1f1fd1c337
                                                                  • Opcode Fuzzy Hash: 88b8c225d62e374fe023bc9d5a4caf48daae308facaf316e88f45816378adbdd
                                                                  • Instruction Fuzzy Hash: F691BF72F0965289F764CF75C4452BD2BA0AB45B88F644179DE0FA6AC5DE38E482C70C
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: AdjustPointer
                                                                  • String ID:
                                                                  • API String ID: 1740715915-0
                                                                  • Opcode ID: 506d3401bf5a93b8ca173106f1f1787cf44583c133506b40ded6fba249d7dab6
                                                                  • Instruction ID: 5756d54971246d1bdff0b4c73555a4daf366951b2d4761798aca16d318fbad2f
                                                                  • Opcode Fuzzy Hash: 506d3401bf5a93b8ca173106f1f1787cf44583c133506b40ded6fba249d7dab6
                                                                  • Instruction Fuzzy Hash: F471C062E0AA4681FE65DA31958857D6794EF54B80F29C835DF4F87BC5DE3CE482830C
                                                                  APIs
                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF608076BEE
                                                                    • Part of subcall function 00007FF60807B380: RtlFreeHeap.NTDLL(?,?,?,00007FF60807BF8A,?,?,?,00007FF60807BE8B,?,?,00000000,00007FF60807C9A9,?,?,?,00007FF60807C8B3), ref: 00007FF60807B396
                                                                    • Part of subcall function 00007FF60807B380: GetLastError.KERNEL32(?,?,?,00007FF60807BF8A,?,?,?,00007FF60807BE8B,?,?,00000000,00007FF60807C9A9,?,?,?,00007FF60807C8B3), ref: 00007FF60807B3A0
                                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF608074EAD), ref: 00007FF608076C0C
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                  • String ID: C:\Users\user\Desktop\soft 1.14.exe
                                                                  • API String ID: 3580290477-904005308
                                                                  • Opcode ID: a645f223ce12f83b0f8d23c07915082202de851ed736994d0ec83cfc9196f6a2
                                                                  • Instruction ID: ae86d60345b59bb6e877a87702eef38fc5d5682dfc04230c276bff6d9cae5f92
                                                                  • Opcode Fuzzy Hash: a645f223ce12f83b0f8d23c07915082202de851ed736994d0ec83cfc9196f6a2
                                                                  • Instruction Fuzzy Hash: 2C417C32E08B068AE718EF31E8510BD37A4FB45B94B644035EA5FC7B95DE3DE8818348
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorFileLastWrite
                                                                  • String ID: U
                                                                  • API String ID: 442123175-4171548499
                                                                  • Opcode ID: 6e6dc1b65bfd63166fd0bb342432b01ffd91828e93f14cbc7104de6985ace0a7
                                                                  • Instruction ID: e5fa4db588a15c04eaa171f03ee741d8df3e0027dc38ee080bc088217e56b635
                                                                  • Opcode Fuzzy Hash: 6e6dc1b65bfd63166fd0bb342432b01ffd91828e93f14cbc7104de6985ace0a7
                                                                  • Instruction Fuzzy Hash: 0B41B262B19B4185EB20CF35E4443A967A0FB98B94FA44031EE4EC7798DF7CD442C748
                                                                  APIs
                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF608074E57), ref: 00007FF608075A30
                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF608074E57), ref: 00007FF608075A71
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.1675361008.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000000.00000002.1675345618.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675384226.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675569765.00007FF60838D000.00000004.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675589059.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000000.00000002.1675619460.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: ExceptionFileHeaderRaise
                                                                  • String ID: csm
                                                                  • API String ID: 2573137834-1018135373
                                                                  • Opcode ID: 967fbbe814c9c1e701ed63cdd0d532d980ddcea8b093fe1b68fbd27a0b08e2d1
                                                                  • Instruction ID: 3663f0858507ac6a770d823c2188b2fb1595d4125fae17c7c3bd45300161abc4
                                                                  • Opcode Fuzzy Hash: 967fbbe814c9c1e701ed63cdd0d532d980ddcea8b093fe1b68fbd27a0b08e2d1
                                                                  • Instruction Fuzzy Hash: 20116032A18B8182EB20CF25F840259B7E5FB88B94F684230DE8D47759DF3CD551C704

                                                                  Execution Graph

                                                                  Execution Coverage:6.6%
                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                  Signature Coverage:2.9%
                                                                  Total number of Nodes:2000
                                                                  Total number of Limit Nodes:50
74347->74350 74352 1400ad148 std::_Facet_Register 38 API calls 74348->74352 74349->74133 74350->74349 74616 14002b820 38 API calls 2 library calls 74350->74616 74351->74347 74351->74350 74352->74349 74617 14002b8e0 38 API calls 74354->74617 74356 1400853f9 memcpy_s 74355->74356 74357 1400ad148 std::_Facet_Register 38 API calls 74356->74357 74358 140085463 74357->74358 74618 14004b9d0 74358->74618 74360 1400854a8 EnumDisplayDevicesW 74365 140085569 74360->74365 74367 1400854c5 _Receive_impl 74360->74367 74361 1400767f0 38 API calls 74361->74367 74363 140085571 74364 1400ad120 _Strcoll 3 API calls 74363->74364 74366 14008568e 74364->74366 74365->74363 74369 140042d30 38 API calls 74365->74369 74371 1400852c0 RegGetValueA 74366->74371 74367->74361 74368 140085531 EnumDisplayDevicesW 74367->74368 74370 1400856af 74367->74370 74628 14008c7a0 38 API calls 2 library calls 74367->74628 74368->74365 74368->74367 74369->74365 74372 14008533d 74371->74372 74373 1400ad120 _Strcoll 3 API calls 74372->74373 74374 14008537f 74373->74374 74375 1400856c0 74374->74375 74376 14008574f 74375->74376 74379 140085760 _Receive_impl 74375->74379 74641 1400474a0 74376->74641 74380 14008583e 74379->74380 74384 140085aab 74379->74384 74630 140042d30 74379->74630 74635 1400bb974 GetNativeSystemInfo 74380->74635 74382 140085843 74636 14006f820 74382->74636 74385 1400858e4 74386 140042d30 38 API calls 74385->74386 74387 14008592e 74386->74387 74388 140042d30 38 API calls 74387->74388 74389 140085988 _Receive_impl 74388->74389 74389->74384 74390 1400ad120 _Strcoll 3 API calls 74389->74390 74391 140085a8e 74390->74391 74392 140084fb0 74391->74392 74679 1400adde0 74392->74679 74395 14008500c 74398 1400ad120 _Strcoll 3 API calls 74395->74398 74396 140084fff 74397 1400767f0 38 API calls 74396->74397 74397->74395 74399 14008503e 74398->74399 74400 140085050 74399->74400 74401 1400adde0 _Strcoll 74400->74401 74402 140085060 GetComputerNameW 74401->74402 74403 1400850ac 74402->74403 74404 14008509f 
74402->74404 74406 1400ad120 _Strcoll 3 API calls 74403->74406 74405 1400767f0 38 API calls 74404->74405 74405->74403 74407 1400850de 74406->74407 74407->74152 74409 140084f20 74408->74409 74681 1400840a0 74409->74681 74411 140084f44 _Receive_impl 74411->74155 74413 140042fb0 38 API calls 74412->74413 74414 14005c4c3 74413->74414 74415 1400ad148 std::_Facet_Register 38 API calls 74414->74415 74416 14005c4d8 74415->74416 74713 140041970 74416->74713 74418 14005c4f5 74419 1400ad120 _Strcoll 3 API calls 74418->74419 74420 14005c50e 74419->74420 74420->74157 74422 1400408f7 74421->74422 74423 1400408ff 74421->74423 74737 140046dc0 38 API calls 2 library calls 74422->74737 74433 140040994 74423->74433 74727 140046c80 74423->74727 74426 14004091d 74428 140040950 _Receive_impl 74426->74428 74426->74433 74429 1400ad120 _Strcoll 3 API calls 74428->74429 74431 14004097f 74429->74431 74430 1400409b6 74739 140046a00 74430->74739 74431->74159 74738 140046e50 38 API calls 74433->74738 74438 140042fed 74437->74438 74439 140043026 74438->74439 74440 1400430c7 74438->74440 74457 140043310 74438->74457 74461 140043382 _Receive_impl 74438->74461 74455 140043066 74439->74455 74460 14004343d 74439->74460 74810 1400481c0 38 API calls 2 library calls 74439->74810 74453 1400430f4 74440->74453 74440->74460 74812 1400481c0 38 API calls 2 library calls 74440->74812 74441 1400ad120 _Strcoll 3 API calls 74442 14004341f 74441->74442 74442->74164 74443 140043333 74446 1400433eb 74443->74446 74459 14004333c 74443->74459 74444 1400433fa 74805 14003f160 74444->74805 74445 140043307 74822 140043c60 38 API calls _Receive_impl 74445->74822 74823 140043c60 38 API calls _Receive_impl 74446->74823 74466 1400430c2 _Receive_impl 74453->74466 74813 14004f510 38 API calls 2 library calls 74453->74813 74455->74466 74811 14004f510 38 API calls 2 library calls 74455->74811 74457->74443 74457->74444 74457->74461 74459->74460 74459->74461 74824 14003f600 38 API calls 74460->74824 74461->74441 74462 1400409e0 38 
API calls 74462->74466 74464 14004f510 38 API calls 74464->74466 74466->74445 74466->74462 74466->74464 74814 140048280 74466->74814 74819 140058710 74466->74819 74531->74129 74533 1400972aa 74532->74533 74537 140097289 74532->74537 74534 1400987ac _Getctype 36 API calls 74533->74534 74535 1400972af 74534->74535 74536 14009aa38 _Getctype 36 API calls 74535->74536 74538 1400972c8 74536->74538 74537->74133 74538->74537 75116 14009bb6c 36 API calls 3 library calls 74538->75116 74540 1400972fe 74540->74133 74542 14007683e 74541->74542 74548 14007681f _Receive_impl 74541->74548 74551 140036490 74542->74551 74543 1400ad120 _Strcoll 3 API calls 74544 1400768de 74543->74544 74544->74326 74546 140076867 74563 140076900 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll __std_fs_convert_wide_to_narrow 74546->74563 74548->74543 74549 1400768ec 74548->74549 74550->74326 74552 1400365b4 74551->74552 74554 1400364b6 74551->74554 74572 14002b8e0 38 API calls 74552->74572 74555 1400365af 74554->74555 74557 140036572 74554->74557 74558 14003651a 74554->74558 74562 1400364c1 memcpy_s 74554->74562 74571 14002b820 38 API calls 2 library calls 74555->74571 74559 1400ad148 std::_Facet_Register 38 API calls 74557->74559 74558->74555 74560 140036527 74558->74560 74559->74562 74564 1400ad148 74560->74564 74562->74546 74563->74548 74567 1400ad153 std::_Facet_Register 74564->74567 74565 1400ad16c 74565->74562 74566 1400ad17d 74574 14002b820 38 API calls 2 library calls 74566->74574 74567->74565 74567->74566 74573 1400ae19c RaiseException Concurrency::cancel_current_task std::bad_alloc::bad_alloc 74567->74573 74570 1400ad183 74571->74552 74574->74570 74592 14007cdb0 74575->74592 74579 14007e91d 74580 140036490 38 API calls 74579->74580 74585 14007ea32 74579->74585 74581 14007e98e 74580->74581 74582 14007e9f7 _Receive_impl 74581->74582 74581->74585 74583 1400ad120 _Strcoll 3 API calls 74582->74583 74584 14007ea1c GetVolumeInformationW 74583->74584 74584->74333 74598 
14007cbc0 38 API calls Concurrency::cancel_current_task 74585->74598 74586->74338 74587->74340 74589 14003ef08 74588->74589 74590 14003ef6c 74589->74590 74601 1400435c0 74589->74601 74590->74342 74593 14007ce2f 74592->74593 74595 14007ce10 __std_fs_get_current_path 74592->74595 74593->74595 74599 140047a50 38 API calls 4 library calls 74593->74599 74597 14007cf45 74595->74597 74600 140047a50 38 API calls 4 library calls 74595->74600 74597->74579 74599->74595 74600->74595 74602 140043607 74601->74602 74604 1400435dd memcpy_s 74601->74604 74605 140043661 74602->74605 74609 140043699 74602->74609 74612 140043653 memcpy_s 74602->74612 74604->74590 74606 140043710 74605->74606 74607 1400ad148 std::_Facet_Register 38 API calls 74605->74607 74615 14002b820 38 API calls 2 library calls 74606->74615 74607->74612 74610 1400ad148 std::_Facet_Register 38 API calls 74609->74610 74610->74612 74611 140043716 74613 1400436e7 _Receive_impl 74612->74613 74614 14002b8e0 38 API calls 74612->74614 74613->74590 74615->74611 74616->74354 74619 14004b9fc 74618->74619 74627 14004ba21 _Receive_impl 74618->74627 74620 14004bb02 74619->74620 74622 14004ba57 74619->74622 74623 14004ba2e 74619->74623 74619->74627 74629 14002b820 38 API calls 2 library calls 74620->74629 74625 1400ad148 std::_Facet_Register 38 API calls 74622->74625 74623->74620 74624 14004ba3b 74623->74624 74626 1400ad148 std::_Facet_Register 38 API calls 74624->74626 74625->74627 74626->74627 74627->74360 74628->74367 74629->74627 74631 140042d92 74630->74631 74634 140042d53 memcpy_s 74630->74634 74661 140047f30 74631->74661 74633 140042dab 74633->74379 74634->74379 74635->74382 74637 14006f8e5 74636->74637 74640 14006f850 memcpy_s 74636->74640 74675 1400734c0 39 API calls 4 library calls 74637->74675 74639 14006f8fa 74639->74385 74640->74385 74642 1400475da 74641->74642 74646 1400474c9 74641->74646 74676 14002b8e0 38 API calls 74642->74676 74643 14004752e 74647 1400ad148 std::_Facet_Register 38 API calls 74643->74647 74645 
1400475df 74677 14002b820 38 API calls 2 library calls 74645->74677 74646->74643 74648 140047521 74646->74648 74649 14004755d 74646->74649 74652 140047514 memcpy_s 74646->74652 74647->74652 74648->74643 74648->74645 74651 1400ad148 std::_Facet_Register 38 API calls 74649->74651 74651->74652 74653 14004764c 74652->74653 74654 1400476a5 74652->74654 74655 14004769a 74652->74655 74660 1400475a7 memcpy_s _Receive_impl 74652->74660 74656 1400ad148 std::_Facet_Register 38 API calls 74653->74656 74658 1400ad148 std::_Facet_Register 38 API calls 74654->74658 74655->74653 74657 1400476df 74655->74657 74656->74660 74678 14002b820 38 API calls 2 library calls 74657->74678 74658->74660 74660->74379 74662 1400480a6 74661->74662 74665 140047f68 74661->74665 74673 14002b8e0 38 API calls 74662->74673 74664 1400480ab 74674 14002b820 38 API calls 2 library calls 74664->74674 74668 140047fc0 74665->74668 74669 140047ffc 74665->74669 74670 140047fcd 74665->74670 74672 140047fb3 memcpy_s _Receive_impl 74665->74672 74666 1400ad148 std::_Facet_Register 38 API calls 74666->74672 74668->74664 74668->74670 74671 1400ad148 std::_Facet_Register 38 API calls 74669->74671 74670->74666 74671->74672 74672->74633 74674->74672 74675->74639 74677->74652 74678->74660 74680 140084fc0 GetUserNameW 74679->74680 74680->74395 74680->74396 74682 140084240 74681->74682 74682->74682 74683 140084257 InternetOpenA 74682->74683 74684 140084315 InternetOpenUrlA 74683->74684 74697 140084282 74683->74697 74686 140084389 HttpQueryInfoW 74684->74686 74684->74697 74687 1400843ef HttpQueryInfoW 74686->74687 74688 1400843b6 74686->74688 74690 14008444c 74687->74690 74691 140084478 InternetQueryDataAvailable 74687->74691 74688->74687 74689 1400ad120 _Strcoll 3 API calls 74692 1400842fa 74689->74692 74711 140092e10 36 API calls ProcessCodePage 74690->74711 74693 140084673 InternetCloseHandle 74691->74693 74702 140084494 74691->74702 74692->74411 74693->74697 74695 14008445d 74695->74691 74700 1400474a0 38 API calls 
74695->74700 74696 14008470f 74712 14002b820 38 API calls 2 library calls 74696->74712 74697->74696 74705 1400842d6 _Receive_impl 74697->74705 74699 140084539 InternetReadFile 74707 1400844ee memcpy_s _Receive_impl 74699->74707 74709 14008462d _Receive_impl 74699->74709 74703 14008446e 74700->74703 74701 140084720 74702->74693 74702->74696 74702->74699 74706 1400ad148 std::_Facet_Register 38 API calls 74702->74706 74702->74707 74703->74691 74704 1400ad148 std::_Facet_Register 38 API calls 74704->74707 74705->74689 74706->74702 74707->74696 74707->74699 74707->74702 74707->74704 74708 140047f30 38 API calls 74707->74708 74707->74709 74710 140084606 InternetQueryDataAvailable 74707->74710 74708->74707 74709->74693 74709->74696 74710->74693 74710->74707 74711->74695 74712->74701 74715 14004199e 74713->74715 74716 1400419ea 74715->74716 74719 140041a42 74715->74719 74720 1400419ba memcpy_s 74715->74720 74724 140041a7d 74715->74724 74718 1400ad148 std::_Facet_Register 38 API calls 74716->74718 74721 140041a00 74716->74721 74718->74721 74722 1400ad148 std::_Facet_Register 38 API calls 74719->74722 74720->74418 74721->74720 74725 14002b820 38 API calls 2 library calls 74721->74725 74722->74720 74726 14002b8e0 38 API calls 74724->74726 74725->74724 74728 140046ca6 74727->74728 74729 140046db3 74728->74729 74730 140046cec 74728->74730 74736 140046d5f 74728->74736 74760 14002b9e0 38 API calls 74729->74760 74732 1400ad148 std::_Facet_Register 38 API calls 74730->74732 74734 140046d0a 74732->74734 74750 1400427b0 74734->74750 74736->74426 74737->74423 74738->74430 74740 140046a57 74739->74740 74762 14002ebf0 74740->74762 74742 140046a95 74751 140042906 74750->74751 74752 1400427e3 74750->74752 74751->74752 74753 140042913 74751->74753 74754 1400ad120 _Strcoll 3 API calls 74752->74754 74761 1400477c0 38 API calls 3 library calls 74753->74761 74755 140042812 74754->74755 74755->74736 74757 140042934 74758 1400af748 Concurrency::cancel_current_task RaiseException 74757->74758 
74759 140042945 74758->74759 74761->74757 74764 14002ec2b 74762->74764 74763 14002ed21 74766 140042d30 38 API calls 74763->74766 74764->74763 74765 1400474a0 38 API calls 74764->74765 74765->74763 74767 14002ed3a 74766->74767 74768 140042d30 38 API calls 74767->74768 74769 14002ed53 74768->74769 74770 14002ed60 74769->74770 74800 140047c10 38 API calls 4 library calls 74769->74800 74772 140042d30 38 API calls 74770->74772 74773 14002edaa 74772->74773 74774 140042d30 38 API calls 74773->74774 74775 14002edbf 74774->74775 74776 14002ee03 _Receive_impl 74775->74776 74778 14002ee3c 74775->74778 74777 1400ad120 _Strcoll 3 API calls 74776->74777 74779 14002ee28 74777->74779 74801 1400af090 7 API calls _Yarn 74778->74801 74779->74742 74781 14002ee85 74800->74770 74801->74781 74806 14003f1b1 74805->74806 74807 14003f17f _Receive_impl 74805->74807 74807->74806 74808 140048280 38 API calls 74807->74808 74809 140058710 38 API calls 74807->74809 74808->74807 74809->74807 74811->74455 74813->74453 74815 1400482d1 74814->74815 74818 14004829c _Receive_impl 74814->74818 74815->74466 74816 140048280 38 API calls 74816->74818 74817 140058710 38 API calls 74817->74818 74818->74815 74818->74816 74818->74817 74825 1400409e0 74819->74825 74821 140058727 _Receive_impl 74821->74466 74822->74457 74823->74461 74826 140042fb0 38 API calls 74825->74826 74827 1400409f8 74826->74827 74827->74821 75116->74540 75117->74306 75119 1400427b0 38 API calls 75118->75119 75120 14006ef76 75119->75120 75127 1400713b0 75120->75127 75124 14006f001 75124->74310 75125->74314 75126->74316 75128 1400713f4 75127->75128 75192 14009320c 75128->75192 75132 14006eff5 75133 14006f1c0 75132->75133 75134 14006f4d1 75133->75134 75138 14006f20b memcpy_s 75133->75138 75229 140072610 38 API calls 2 library calls 75134->75229 75136 14006f504 75137 14006f910 38 API calls 75136->75137 75143 14006f510 75137->75143 75221 14004a4b0 38 API calls 75138->75221 75140 14006f25b 75222 140071740 38 API calls 2 library calls 
75140->75222 75142 1400427b0 38 API calls 75147 14006f6cc 75142->75147 75188 14006f618 _Receive_impl 75143->75188 75230 14004a680 38 API calls _Receive_impl 75143->75230 75144 14006f4cc _Receive_impl 75149 1400ad120 _Strcoll 3 API calls 75144->75149 75145 14006f26b 75146 14006f910 38 API calls 75145->75146 75160 14006f277 75146->75160 75150 140042fb0 38 API calls 75147->75150 75152 14006f75c 75149->75152 75156 14006f706 75150->75156 75151 14006f55d 75231 1400509f0 38 API calls 4 library calls 75151->75231 75152->75124 75154 14006f465 75159 14006f4bf 75154->75159 75164 1400427b0 38 API calls 75154->75164 75155 14006f41d 75158 1400427b0 38 API calls 75155->75158 75156->75144 75161 14006f7b0 75156->75161 75157 14006f583 75232 14004ac00 38 API calls _Strcoll 75157->75232 75163 14006f438 75158->75163 75228 14004a2d0 38 API calls _Receive_impl 75159->75228 75190 14006f404 _Receive_impl 75160->75190 75223 14004a680 38 API calls _Receive_impl 75160->75223 75235 140042e50 37 API calls 75161->75235 75172 140042fb0 38 API calls 75163->75172 75164->75163 75168 14006f2c3 75224 1400509f0 38 API calls 4 library calls 75168->75224 75169 14006f7c8 75173 1400af748 Concurrency::cancel_current_task RaiseException 75169->75173 75172->75159 75186 14006f7d8 75173->75186 75175 14006f7f7 75179 1400af748 Concurrency::cancel_current_task RaiseException 75175->75179 75176 14006f2e9 75225 14004ac00 38 API calls _Strcoll 75176->75225 75177 14006f592 _Receive_impl 75184 14006f807 75177->75184 75177->75186 75233 1400af090 7 API calls _Yarn 75177->75233 75178 14006f60a 75234 1400af090 7 API calls _Yarn 75178->75234 75179->75184 75182 14006f2f9 75182->75161 75183 14006f30e _Receive_impl 75182->75183 75183->75186 75226 1400af090 7 API calls _Yarn 75183->75226 75236 140042e50 37 API calls 75186->75236 75187 14006f379 75227 1400af090 7 API calls _Yarn 75187->75227 75188->75142 75188->75156 75188->75161 75188->75184 75190->75154 75190->75155 75191 14006f387 _Receive_impl 75191->75186 75191->75190 75193 
1400987ac _Getctype 36 API calls 75192->75193 75194 140093215 75193->75194 75195 14009aa38 _Getctype 36 API calls 75194->75195 75196 1400714cc 75195->75196 75197 14006f910 75196->75197 75198 14006f933 75197->75198 75202 14006f980 75197->75202 75216 140071080 38 API calls 75198->75216 75201 14006f938 75201->75202 75217 140071080 38 API calls 75201->75217 75219 14006fc70 38 API calls 75202->75219 75204 14006fab7 75208 1400ad120 _Strcoll 3 API calls 75204->75208 75205 14006f947 75206 14006f95d 75205->75206 75218 140071080 38 API calls 75205->75218 75211 1400ad120 _Strcoll 3 API calls 75206->75211 75207 140071080 38 API calls 75210 14006f9c1 75207->75210 75212 14006fbb5 75208->75212 75210->75204 75210->75207 75220 14006fc70 38 API calls 75210->75220 75214 14006f97a 75211->75214 75212->75132 75213 14006f956 75213->75202 75213->75206 75214->75132 75216->75201 75217->75205 75218->75213 75219->75210 75220->75210 75221->75140 75222->75145 75223->75168 75224->75176 75225->75182 75226->75187 75227->75191 75228->75144 75229->75136 75230->75151 75231->75157 75232->75177 75233->75178 75234->75188 75235->75169 75236->75175 75237 140097a4c 75238 140097a7d 75237->75238 75239 140097a62 75237->75239 75238->75239 75241 140097a96 75238->75241 75266 140093728 6 API calls memcpy_s 75239->75266 75243 140097a9c 75241->75243 75245 140097ab9 75241->75245 75242 140097a67 75267 140096af4 36 API calls _invalid_parameter_noinfo 75242->75267 75268 140093728 6 API calls memcpy_s 75243->75268 75261 1400a1c90 75245->75261 75251 140097d33 75256 140097b16 75258 140097a73 75256->75258 75287 1400a1cd4 36 API calls _isindst 75256->75287 75257 140097b76 75257->75258 75288 1400a1cd4 36 API calls _isindst 75257->75288 75262 140097abe 75261->75262 75264 1400a1c9f 75261->75264 75269 1400a0da8 75262->75269 75263 1400a1cb8 75264->75263 75289 1400a1b00 75264->75289 75266->75242 75267->75258 75268->75258 75270 1400a0db1 75269->75270 75271 140097ad3 75269->75271 75373 140093728 6 API calls memcpy_s 75270->75373 
75271->75251 75275 1400a0dd8 75271->75275 75273 1400a0db6 75374 140096af4 36 API calls _invalid_parameter_noinfo 75273->75374 75276 1400a0de1 75275->75276 75277 140097ae4 75275->75277 75375 140093728 6 API calls memcpy_s 75276->75375 75277->75251 75281 1400a0e08 75277->75281 75279 1400a0de6 75376 140096af4 36 API calls _invalid_parameter_noinfo 75279->75376 75282 1400a0e11 75281->75282 75283 140097af5 75281->75283 75377 140093728 6 API calls memcpy_s 75282->75377 75283->75251 75283->75256 75283->75257 75285 1400a0e16 75378 140096af4 36 API calls _invalid_parameter_noinfo 75285->75378 75287->75258 75288->75258 75311 1400aa344 75289->75311 75291 1400a1b57 75293 14009d17c wcsftime 6 API calls 75291->75293 75308 1400a1b6c 75291->75308 75310 1400a1b5b 75291->75310 75292 1400a1c00 75360 1400a16fc 44 API calls 7 library calls 75292->75360 75297 1400a1bae 75293->75297 75294 1400a1b74 75298 14009bc88 Concurrency::details::SchedulerProxy::DeleteThis 6 API calls 75294->75298 75300 1400a1bb6 75297->75300 75301 1400aa344 wcsftime 41 API calls 75297->75301 75302 1400a1b7c 75298->75302 75299 1400a1c08 75299->75294 75305 14009bc88 Concurrency::details::SchedulerProxy::DeleteThis 6 API calls 75300->75305 75303 1400a1bd8 75301->75303 75304 1400ad120 _Strcoll 3 API calls 75302->75304 75303->75300 75306 1400a1be1 75303->75306 75307 1400a1b8c 75304->75307 75305->75308 75309 14009bc88 Concurrency::details::SchedulerProxy::DeleteThis 6 API calls 75306->75309 75307->75263 75308->75294 75320 1400a1978 75308->75320 75309->75310 75310->75292 75310->75308 75315 1400aa24c 75311->75315 75312 1400aa283 75361 140093728 6 API calls memcpy_s 75312->75361 75314 1400aa288 75362 140096af4 36 API calls _invalid_parameter_noinfo 75314->75362 75315->75311 75315->75312 75318 1400aa294 75315->75318 75363 1400aa1b4 41 API calls wcsftime 75315->75363 75364 1400a6898 36 API calls 2 library calls 75315->75364 75318->75291 75321 1400a198c wcsftime 75320->75321 75322 1400a0e08 _get_daylight 36 API calls 
75321->75322 75323 1400a19ab 75322->75323 75324 1400a0da8 _get_daylight 36 API calls 75323->75324 75326 1400a1aeb 75323->75326 75325 1400a19bc 75324->75325 75325->75326 75328 1400a0dd8 _get_daylight 36 API calls 75325->75328 75327 1400aa344 wcsftime 41 API calls 75326->75327 75329 1400a1b57 75327->75329 75330 1400a19cd 75328->75330 75331 1400a1b5b 75329->75331 75334 1400a1b6c 75329->75334 75337 14009d17c wcsftime 6 API calls 75329->75337 75330->75326 75332 1400a19d5 75330->75332 75331->75334 75336 1400a1c00 75331->75336 75333 14009bc88 Concurrency::details::SchedulerProxy::DeleteThis 6 API calls 75332->75333 75335 1400a19e1 GetTimeZoneInformation 75333->75335 75338 1400a1b74 75334->75338 75339 1400a1978 wcsftime 43 API calls 75334->75339 75353 1400a1ac0 wcsftime 75335->75353 75354 1400a19fe memcpy_s 75335->75354 75372 1400a16fc 44 API calls 7 library calls 75336->75372 75341 1400a1bae 75337->75341 75342 14009bc88 Concurrency::details::SchedulerProxy::DeleteThis 6 API calls 75338->75342 75339->75338 75344 1400a1bb6 75341->75344 75345 1400aa344 wcsftime 41 API calls 75341->75345 75346 1400a1b7c 75342->75346 75343 1400a1c08 75343->75338 75349 14009bc88 Concurrency::details::SchedulerProxy::DeleteThis 6 API calls 75344->75349 75347 1400a1bd8 75345->75347 75348 1400ad120 _Strcoll 3 API calls 75346->75348 75347->75344 75350 1400a1be1 75347->75350 75351 1400a1b8c 75348->75351 75349->75334 75352 14009bc88 Concurrency::details::SchedulerProxy::DeleteThis 6 API calls 75350->75352 75351->75294 75352->75331 75353->75294 75365 1400a5264 75354->75365 75358 1400a1aa9 75371 1400a1c10 44 API calls wcsftime 75358->75371 75360->75299 75361->75314 75362->75318 75363->75315 75364->75315 75366 1400987ac _Getctype 36 API calls 75365->75366 75367 1400a526d 75366->75367 75368 14009aa38 _Getctype 36 API calls 75367->75368 75369 1400a1a92 75368->75369 75370 1400a1c10 44 API calls wcsftime 75369->75370 75370->75358 75371->75353 75372->75343 75373->75273 75374->75271 75375->75279 75376->75277 
75377->75285 75378->75283 75379 14003fab0 75380 14003fac8 75379->75380 75384 14003fad4 memcpy_s 75379->75384 75381 14003fae5 memcpy_s 75382 14003fc1e 75382->75381 75385 140096304 _fread_nolock 41 API calls 75382->75385 75384->75381 75384->75382 75386 140096304 75384->75386 75385->75381 75389 140096324 75386->75389 75388 14009631c 75388->75384 75390 14009634e 75389->75390 75391 14009637d 75389->75391 75390->75391 75392 14009635d memcpy_s 75390->75392 75394 14009639a 75390->75394 75391->75388 75413 140093728 6 API calls memcpy_s 75392->75413 75398 1400960a4 75394->75398 75395 140096372 75414 140096af4 36 API calls _invalid_parameter_noinfo 75395->75414 75401 1400960d3 memcpy_s 75398->75401 75404 1400960ed 75398->75404 75399 1400960dd 75435 140093728 6 API calls memcpy_s 75399->75435 75401->75399 75401->75404 75410 140096142 memcpy_s 75401->75410 75404->75391 75405 1400962c5 memcpy_s 75503 140093728 6 API calls memcpy_s 75405->75503 75406 1400981cc _fread_nolock 36 API calls 75406->75410 75408 1400960e2 75436 140096af4 36 API calls _invalid_parameter_noinfo 75408->75436 75410->75404 75410->75405 75410->75406 75415 14009c188 75410->75415 75437 140093728 6 API calls memcpy_s 75410->75437 75438 140096af4 36 API calls _invalid_parameter_noinfo 75410->75438 75439 14009f1ec 75410->75439 75413->75395 75414->75391 75416 14009c1a5 75415->75416 75420 14009c1d0 75415->75420 75534 140093728 6 API calls memcpy_s 75416->75534 75418 14009c1aa 75535 140096af4 36 API calls _invalid_parameter_noinfo 75418->75535 75421 14009c20c 75420->75421 75427 14009c1b5 75420->75427 75504 14009ebd8 75420->75504 75422 1400981cc _fread_nolock 36 API calls 75421->75422 75424 14009c21e 75422->75424 75509 14009f0cc 75424->75509 75426 14009c22b 75426->75427 75428 1400981cc _fread_nolock 36 API calls 75426->75428 75427->75410 75429 14009c260 75428->75429 75429->75427 75430 1400981cc _fread_nolock 36 API calls 75429->75430 75431 14009c26c 75430->75431 75431->75427 75432 1400981cc _fread_nolock 36 API calls 
75431->75432 75433 14009c279 75432->75433 75434 1400981cc _fread_nolock 36 API calls 75433->75434 75434->75427 75435->75408 75436->75404 75437->75410 75438->75410 75440 14009f22d 75439->75440 75441 14009f214 75439->75441 75443 14009f607 75440->75443 75447 14009f278 75440->75447 75553 140093708 6 API calls memcpy_s 75441->75553 75568 140093708 6 API calls memcpy_s 75443->75568 75444 14009f219 75554 140093728 6 API calls memcpy_s 75444->75554 75449 14009f281 75447->75449 75453 14009f222 75447->75453 75455 14009f2b2 75447->75455 75448 14009f60c 75569 140093728 6 API calls memcpy_s 75448->75569 75555 140093708 6 API calls memcpy_s 75449->75555 75452 14009f28d 75570 140096af4 36 API calls _invalid_parameter_noinfo 75452->75570 75453->75410 75454 14009f286 75556 140093728 6 API calls memcpy_s 75454->75556 75458 14009f2d9 75455->75458 75459 14009f313 75455->75459 75460 14009f2e6 75455->75460 75458->75460 75467 14009f302 75458->75467 75462 14009d17c wcsftime 6 API calls 75459->75462 75557 140093708 6 API calls memcpy_s 75460->75557 75464 14009f324 75462->75464 75463 14009f2eb 75558 140093728 6 API calls memcpy_s 75463->75558 75468 14009bc88 Concurrency::details::SchedulerProxy::DeleteThis 6 API calls 75464->75468 75545 1400a822c 75467->75545 75469 14009f32e 75468->75469 75472 14009bc88 Concurrency::details::SchedulerProxy::DeleteThis 6 API calls 75469->75472 75470 14009f2f2 75559 140096af4 36 API calls _invalid_parameter_noinfo 75470->75559 75475 14009f335 75472->75475 75474 14009f4ae 75476 14009f4b3 ReadFile 75474->75476 75478 14009f33d 75475->75478 75479 14009f358 75475->75479 75480 14009f4d9 75476->75480 75481 14009f5cd __std_fs_get_current_path 75476->75481 75477 14009f441 GetConsoleMode 75477->75474 75482 14009f455 75477->75482 75560 140093728 6 API calls memcpy_s 75478->75560 75562 14009f8ac 36 API calls 2 library calls 75479->75562 75480->75481 75484 14009f4a2 75480->75484 75489 14009f483 __std_fs_get_current_path 75481->75489 75490 14009f5d8 75481->75490 
75482->75476 75486 14009f45f ReadConsoleW 75482->75486 75493 14009f2fd 75484->75493 75494 14009f512 75484->75494 75495 14009f537 75484->75495 75486->75484 75486->75489 75487 14009bc88 Concurrency::details::SchedulerProxy::DeleteThis 6 API calls 75487->75453 75488 14009f342 75561 140093708 6 API calls memcpy_s 75488->75561 75489->75493 75563 14009369c 6 API calls 2 library calls 75489->75563 75566 140093728 6 API calls memcpy_s 75490->75566 75493->75487 75564 14009ee04 37 API calls 4 library calls 75494->75564 75495->75493 75499 14009f5bb 75495->75499 75496 14009f5dd 75567 140093708 6 API calls memcpy_s 75496->75567 75565 14009ec44 37 API calls _fread_nolock 75499->75565 75502 14009f5c8 75502->75493 75503->75408 75505 14009c2f0 memcpy_s 6 API calls 75504->75505 75506 14009ebfc 75505->75506 75507 14009bc88 Concurrency::details::SchedulerProxy::DeleteThis 6 API calls 75506->75507 75508 14009ec07 75507->75508 75508->75421 75510 14009f0f6 75509->75510 75513 14009f126 75509->75513 75536 140093708 6 API calls memcpy_s 75510->75536 75512 14009f0fb 75537 140093728 6 API calls memcpy_s 75512->75537 75514 14009f13f 75513->75514 75517 14009f17d 75513->75517 75538 140093708 6 API calls memcpy_s 75514->75538 75519 14009f19b 75517->75519 75520 14009f186 75517->75520 75518 14009f144 75539 140093728 6 API calls memcpy_s 75518->75539 75525 14009f1cd 75519->75525 75526 14009f1b8 75519->75526 75541 140093708 6 API calls memcpy_s 75520->75541 75523 14009f14c 75540 140096af4 36 API calls _invalid_parameter_noinfo 75523->75540 75524 14009f18b 75542 140093728 6 API calls memcpy_s 75524->75542 75530 14009f1ec _fread_nolock 41 API calls 75525->75530 75543 140093728 6 API calls memcpy_s 75526->75543 75532 14009f103 75530->75532 75531 14009f1bd 75544 140093708 6 API calls memcpy_s 75531->75544 75532->75426 75534->75418 75535->75427 75536->75512 75537->75532 75538->75518 75539->75523 75540->75532 75541->75524 75542->75523 75543->75531 75544->75532 75546 1400a8235 75545->75546 75548 1400a8242 
75545->75548 75571 140093728 6 API calls memcpy_s 75546->75571 75549 14009f422 75548->75549 75572 140093728 6 API calls memcpy_s 75548->75572 75549->75474 75549->75477 75551 1400a8279 75573 140096af4 36 API calls _invalid_parameter_noinfo 75551->75573 75553->75444 75554->75453 75555->75454 75556->75452 75557->75463 75558->75470 75559->75493 75560->75488 75561->75493 75562->75467 75563->75493 75564->75493 75565->75502 75566->75496 75567->75493 75568->75448 75569->75452 75570->75453 75571->75549 75572->75551 75573->75549 75574 1400ad888 75575 1400ad898 75574->75575 75589 1400bc768 75575->75589 75577 1400ad8a4 75595 1400ad2cc 75577->75595 75580 1400ad8bc _RTC_Initialize 75587 1400ad911 75580->75587 75600 1400ad47c 75580->75600 75581 1400ad93d 75583 1400ad8d1 75603 1400bc3c8 75583->75603 75585 1400ad8dd 75585->75587 75635 1400990b8 75585->75635 75588 1400ad92d 75587->75588 75642 1400adb78 3 API calls 4 library calls 75587->75642 75590 1400bc779 75589->75590 75591 1400bc781 75590->75591 75643 140093728 6 API calls memcpy_s 75590->75643 75591->75577 75593 1400bc790 75644 140096af4 36 API calls _invalid_parameter_noinfo 75593->75644 75596 1400ad2dd 75595->75596 75599 1400ad2e2 __scrt_release_startup_lock 75595->75599 75596->75599 75645 1400adb78 3 API calls 4 library calls 75596->75645 75598 1400ad356 75599->75580 75646 1400ad440 75600->75646 75602 1400ad485 75602->75583 75604 1400bc3e8 75603->75604 75613 1400bc3ff 75603->75613 75605 1400bc3f0 75604->75605 75606 1400bc406 75604->75606 75651 140093728 6 API calls memcpy_s 75605->75651 75607 1400a4da4 48 API calls 75606->75607 75610 1400bc40b 75607->75610 75609 1400bc3f5 75652 140096af4 36 API calls _invalid_parameter_noinfo 75609->75652 75653 1400bd40c 37 API calls 3 library calls 75610->75653 75613->75585 75614 1400bc422 75654 1400bc1a0 36 API calls 75614->75654 75616 1400bc45f 75655 1400bc368 6 API calls 2 library calls 75616->75655 75618 1400bc475 75619 1400bc47d 75618->75619 75620 1400bc495 75618->75620 75656 140093728 
38 API calls 76830->77037 76832 1400403e6 76833 1400af748 Concurrency::cancel_current_task RaiseException 76832->76833 76834 1400403f7 76833->76834 76835->76748 76836->76748 76837->76759 76838->76770 76839->76731 76841->76725 76842->76737 76843->76757 76844->76804 76855 14002d15f 76845->76855 76846 14002d26b 76847 14002d297 76846->76847 76850 14002d2c0 76846->76850 76848 14002d35e 76847->76848 76854 14002d2a7 76847->76854 76866 1400435a0 38 API calls 76848->76866 76850->76854 76860 140046f10 38 API calls 4 library calls 76850->76860 76852 14002d255 76852->76804 76861 140041590 76854->76861 76855->76846 76856 14002d24a 76855->76856 76859 14002d9c0 38 API calls memcpy_s 76856->76859 76859->76852 76860->76854 76862 1400415f3 76861->76862 76865 1400415af memcpy_s 76861->76865 76867 140047200 38 API calls 4 library calls 76862->76867 76864 14004160c 76864->76852 76865->76852 76867->76864 76869 14004dd54 76868->76869 76870 14009320c 36 API calls 76869->76870 76871 14004de3a 76870->76871 76872 14004b500 38 API calls 76871->76872 76873 14004de61 76872->76873 76937 14002f1f0 76873->76937 76876 1400ad120 _Strcoll 3 API calls 76877 1400446f9 76876->76877 76878 140048e80 76877->76878 76879 140049191 76878->76879 76883 140048ecb memcpy_s 76878->76883 76945 140050d10 76879->76945 76881 1400491c4 76882 14004b500 38 API calls 76881->76882 76891 1400491d0 76882->76891 77004 14004a4b0 38 API calls 76883->77004 76885 140048f1b 77005 14004fb20 38 API calls 2 library calls 76885->77005 76887 1400492d8 _Receive_impl 76888 1400493c6 76887->76888 76890 1400427b0 38 API calls 76887->76890 76932 140049470 76887->76932 76933 1400494c7 76887->76933 76897 14004918c _Receive_impl 76888->76897 76888->76932 76889 140048f2b 76893 14004b500 38 API calls 76889->76893 76894 14004938c 76890->76894 76891->76887 77012 14004a680 38 API calls _Receive_impl 76891->77012 76892 1400ad120 _Strcoll 3 API calls 76896 14004941c 76892->76896 76903 140048f37 76893->76903 76898 140042fb0 38 API calls 76894->76898 
76896->76811 76897->76892 76898->76888 76899 14004921d 77013 1400509f0 38 API calls 4 library calls 76899->77013 76901 140049125 76906 14004917f 76901->76906 76910 1400427b0 38 API calls 76901->76910 76902 1400490dd 76905 1400427b0 38 API calls 76902->76905 76935 1400490c4 _Receive_impl 76903->76935 77006 14004a680 38 API calls _Receive_impl 76903->77006 76904 140049243 77014 14004ac00 38 API calls _Strcoll 76904->77014 76909 1400490f8 76905->76909 77011 14004a2d0 38 API calls _Receive_impl 76906->77011 76917 140042fb0 38 API calls 76909->76917 76910->76909 76913 140048f83 77007 1400509f0 38 API calls 4 library calls 76913->77007 76914 140049488 76918 1400af748 Concurrency::cancel_current_task RaiseException 76914->76918 76917->76906 76930 140049498 76918->76930 76919 140049252 _Receive_impl 76919->76930 76919->76933 77015 1400af090 7 API calls _Yarn 76919->77015 76921 1400494b7 76924 1400af748 Concurrency::cancel_current_task RaiseException 76921->76924 76922 140048fa9 77008 14004ac00 38 API calls _Strcoll 76922->77008 76923 1400492ca 77016 1400af090 7 API calls _Yarn 76923->77016 76924->76933 76927 140048fb9 76928 140048fce _Receive_impl 76927->76928 76927->76932 76928->76930 77009 1400af090 7 API calls _Yarn 76928->77009 77018 140042e50 37 API calls 76930->77018 76931 140049039 77010 1400af090 7 API calls _Yarn 76931->77010 77017 140042e50 37 API calls 76932->77017 76933->76811 76935->76901 76935->76902 76936 140049047 _Receive_impl 76936->76930 76936->76935 76938 14002f227 76937->76938 76939 14002f1fe 76937->76939 76938->76876 76939->76938 76944 14002cdc0 38 API calls 76939->76944 76941 14002f25e 76942 1400af748 Concurrency::cancel_current_task RaiseException 76941->76942 76943 14002f26f 76942->76943 76944->76941 76946 140050d8d 76945->76946 76947 14005195c 76945->76947 77019 14004a680 38 API calls _Receive_impl 76947->77019 76949 14005199c 77020 1400509f0 38 API calls 4 library calls 76949->77020 76951 1400519c2 77021 14004ac00 38 API calls _Strcoll 
76951->77021 76953 1400519d2 76954 140051a3d 76953->76954 76955 1400519dd 76953->76955 77023 140042e50 37 API calls 76954->77023 77022 14002eec0 7 API calls __std_exception_destroy 76955->77022 76957 140051a49 76959 1400af748 Concurrency::cancel_current_task RaiseException 76957->76959 76960 140051a59 76959->76960 77024 140042e50 37 API calls 76960->77024 76962 140051a66 76963 1400af748 Concurrency::cancel_current_task RaiseException 76962->76963 76964 140051a76 76963->76964 77025 140042e50 37 API calls 76964->77025 76966 140051a83 76968 1400af748 Concurrency::cancel_current_task RaiseException 76966->76968 76967 1400519f1 76969 1400ad120 _Strcoll 3 API calls 76967->76969 76970 140051a93 76968->76970 76971 140051a26 76969->76971 77026 140053330 37 API calls 76970->77026 76971->76881 76973 140051aa0 76974 1400af748 Concurrency::cancel_current_task RaiseException 76973->76974 76975 140051ab0 76974->76975 77027 140042e50 37 API calls 76975->77027 76977 140051abd 76978 1400af748 Concurrency::cancel_current_task RaiseException 76977->76978 76979 140051acd 76978->76979 77028 140042e50 37 API calls 76979->77028 76981 140051ada 76982 1400af748 Concurrency::cancel_current_task RaiseException 76981->76982 76983 140051aea 76982->76983 77029 140042e50 37 API calls 76983->77029 76985 140051af7 76986 1400af748 Concurrency::cancel_current_task RaiseException 76985->76986 76987 140051b07 76986->76987 77030 140042e50 37 API calls 76987->77030 76989 140051b14 76990 1400af748 Concurrency::cancel_current_task RaiseException 76989->76990 76991 140051b24 76990->76991 77031 140042e50 37 API calls 76991->77031 76993 140051b31 76994 1400af748 Concurrency::cancel_current_task RaiseException 76993->76994 76995 140051b41 76994->76995 77032 140042e50 37 API calls 76995->77032 76997 140051b4e 76998 1400af748 Concurrency::cancel_current_task RaiseException 76997->76998 76999 140051b5e 76998->76999 77033 140042e50 37 API calls 76999->77033 77001 140051b6b 77002 1400af748 
Concurrency::cancel_current_task RaiseException 77001->77002 77003 140051b7b 77002->77003 77003->76881 77003->77003 77004->76885 77005->76889 77006->76913 77007->76922 77008->76927 77009->76931 77010->76936 77011->76897 77012->76899 77013->76904 77014->76919 77015->76923 77016->76887 77017->76914 77018->76921 77019->76949 77020->76951 77021->76953 77022->76967 77023->76957 77024->76962 77025->76966 77026->76973 77027->76977 77028->76981 77029->76985 77030->76989 77031->76993 77032->76997 77033->77001 77034->76821 77035->76825 77036->76816 77037->76832 77038->76772

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
                                                                  • String ID:
                                                                  • API String ID: 3214587331-3916222277
                                                                  • Opcode ID: b8ad9de3582fef1955ac4035c1c75ac334f415ebc7e19910e4ff908aacfd4282
                                                                  • Instruction ID: 8a9b4e0b064338a6d8d553899a54bca9af0a5e421b87f50a1b45792b9aa8e9a5
                                                                  • Opcode Fuzzy Hash: b8ad9de3582fef1955ac4035c1c75ac334f415ebc7e19910e4ff908aacfd4282
                                                                  • Instruction Fuzzy Hash: 91B11B72618BC086E761DB22E8543DEB7A5F789BC0F508615EA8E43B69DF3CC185CB10
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Name$DevicesDisplayEnum$ComputerCurrentFileGlobalMemoryModuleProfileStatusUserValuewcsftime
                                                                  • String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                                                  • API String ID: 2509368203-1182675529
                                                                  • Opcode ID: a46e5203c657c07eb4b7182e7fef379a7db23a876a87c17c3647340b6bfc226d
                                                                  • Instruction ID: 0cfcea1034b7f9981394cb5387c0e5e44c922b0cc561fc60f0db12949e2aba7b
                                                                  • Opcode Fuzzy Hash: a46e5203c657c07eb4b7182e7fef379a7db23a876a87c17c3647340b6bfc226d
                                                                  • Instruction Fuzzy Hash: DDF26B73614BC085DB22CB26E8903DD77A1F799798F419616FB8D17BA9EB78C290C700

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AddressProc$Library$FreeLoad
                                                                  • String ID: cannot use push_back() with $system$vault
                                                                  • API String ID: 2449869053-1741236777
                                                                  • Opcode ID: 0d948670e934948f9399bcc25d98691fce76d742d32ec229edf0addd9f7a4c44
                                                                  • Instruction ID: 2ec4e2a7ae8c91d38f5a8356c21f69af9047b71e87f6ad347462173074feb4f2
                                                                  • Opcode Fuzzy Hash: 0d948670e934948f9399bcc25d98691fce76d742d32ec229edf0addd9f7a4c44
                                                                  • Instruction Fuzzy Hash: 3F925E72205BC489DB628F26E8843DE77B4F749798F104216EB9D4BBA9EF74C694C300

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Process$Exit$MutexOpenToken$CloseCreateCurrentFileHandleInformationInitializeModuleName
                                                                  • String ID: SeDebugPrivilege$SeImpersonatePrivilege
                                                                  • API String ID: 4279366119-3768118664
                                                                  • Opcode ID: c15579a596aae32c568705457757ddd2bb20bc35d715638889c75400a0ff4399
                                                                  • Instruction ID: 962da8f413caa45279bf650923a9d6b93aba050168666a2f2076e0c646855bcd
                                                                  • Opcode Fuzzy Hash: c15579a596aae32c568705457757ddd2bb20bc35d715638889c75400a0ff4399
                                                                  • Instruction Fuzzy Hash: AF619F72218A8581EA26AB66E4553EEA391FBCD7C4F505615F78E43AF6EF3CC040CB11
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CloseOpenQueryValue
                                                                  • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                                                  • API String ID: 3677997916-3429737954
                                                                  • Opcode ID: 175320917f964c83a506369eff2fb3a54cecadb9ef131e354b589dabf4103beb
                                                                  • Instruction ID: 23406d12f56c9c9c5856e535017d7a69c74f1142575ed8a38387d0c1f75b00f7
                                                                  • Opcode Fuzzy Hash: 175320917f964c83a506369eff2fb3a54cecadb9ef131e354b589dabf4103beb
                                                                  • Instruction Fuzzy Hash: 81E25F72614BC08AEB62DF35D8803DD73A5F789798F505216EB9D4BAA9EF74C684C300

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CloseOpenQueryValue
                                                                  • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                                                  • API String ID: 3677997916-3429737954
                                                                  • Opcode ID: bd29fab57e6ba89ddd447dda21f70310d0c0f8bbbc31d0296f751e6485ff42c4
                                                                  • Instruction ID: 62805d46291fcd4fccf0c70bfe2eedc485df16924868f35b375ef2d556690b27
                                                                  • Opcode Fuzzy Hash: bd29fab57e6ba89ddd447dda21f70310d0c0f8bbbc31d0296f751e6485ff42c4
                                                                  • Instruction Fuzzy Hash: FB825C72611BC48AEB228F36D8803DE73A1F789798F505216EB9D57BA9EF74C584C300

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                  • API String ID: 355007559-239921721
                                                                  • Opcode ID: 4e267fd81a7984b2af7afa71f05677820aec786affd320299b4762449731f59c
                                                                  • Instruction ID: 0e2af64cfaed83a3ab014c0441055b0818baa83ef077c612d66b586912d86e0e
                                                                  • Opcode Fuzzy Hash: 4e267fd81a7984b2af7afa71f05677820aec786affd320299b4762449731f59c
                                                                  • Instruction Fuzzy Hash: 40D1E43670064086E762EF67E8513E967A1F7ACBD4F448225FF4947AE5DB38D481CB40

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskFileHandleRead
                                                                  • String ID:
                                                                  • API String ID: 1475545111-0
                                                                  • Opcode ID: 5564f8b7e3b8cda5b9e7844f531143998aac2b6f73e955ce09d41620cba67f2b
                                                                  • Instruction ID: f0be8985bf0e26381fb0b58506fa69bef840138c90a8d4bbed39db66bf6f3b00
                                                                  • Opcode Fuzzy Hash: 5564f8b7e3b8cda5b9e7844f531143998aac2b6f73e955ce09d41620cba67f2b
                                                                  • Instruction Fuzzy Hash: 27024933A14B9486EB11CB6AE84039E77A5F7997D8F104215FF9857BA9EF78C190C700

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                  • String ID:
                                                                  • API String ID: 1617910340-0
                                                                  • Opcode ID: ad973e6908b5c5e029224e3ab01ca94b19cb4adaabd133e22d80478e6497b413
                                                                  • Instruction ID: 320eb96e718149e4e7e60864c9bbf8eacca92e1ca184eaa25a96958780752bf2
                                                                  • Opcode Fuzzy Hash: ad973e6908b5c5e029224e3ab01ca94b19cb4adaabd133e22d80478e6497b413
                                                                  • Instruction Fuzzy Hash: 41C1AB76720A418AEB11CFAAC4917EC37B1E74DBE8F115615EB2A9B7A5CB38C452C700

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
                                                                  • String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
                                                                  • API String ID: 3645842244-1862120484
                                                                  • Opcode ID: faa1d1145ba5e556b848c73fd33eef50efad81b8938a0009e7cdda006ddcc96c
                                                                  • Instruction ID: 031dd4974e96f4dd573688d53c9078fa1c6111530a30c886699dc0fc79c76709
                                                                  • Opcode Fuzzy Hash: faa1d1145ba5e556b848c73fd33eef50efad81b8938a0009e7cdda006ddcc96c
                                                                  • Instruction Fuzzy Hash: FED21272519BC885D6718B1AF88139BB3A1F79D784F505229EBCD53B69EB7CC290CB00

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CloseOpenQueryValue
                                                                  • String ID: content$directory_iterator::directory_iterator$exists$filename
                                                                  • API String ID: 3677997916-1400943384
                                                                  • Opcode ID: 2316d6660ad33f69ae55bd29c0a13a611ed398c49c268220a2994983f1843a00
                                                                  • Instruction ID: fdd2384dfce0150235b7be390f6418f44b90b76628f1849b6480400e0b2e9a5f
                                                                  • Opcode Fuzzy Hash: 2316d6660ad33f69ae55bd29c0a13a611ed398c49c268220a2994983f1843a00
                                                                  • Instruction Fuzzy Hash: 7D724C72611BC499EB228F36D8803DD77A0F789798F109215EB9D5BBA9EF74C680C340

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: File$PointerReadSize
                                                                  • String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                  • API String ID: 404940565-15404121
                                                                  • Opcode ID: 0683f384183c2aee485083eaa643c96062efc2106c8fae226bcd34debfb2e5c9
                                                                  • Instruction ID: a7efa278b789a091a952ecf7804818e508a819529244d4e7b1ee4b8bfe63f7b0
                                                                  • Opcode Fuzzy Hash: 0683f384183c2aee485083eaa643c96062efc2106c8fae226bcd34debfb2e5c9
                                                                  • Instruction Fuzzy Hash: 69322632611BC489EB21CF35D8807DD77A1F789B88F508226EB8D5BBA9EB74C645C700

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                  • String ID: Eastern Standard Time$Eastern Summer Time
                                                                  • API String ID: 3458911817-239921721
                                                                  • Opcode ID: 79a3bef5671be3ea62fc3f2afacbfa5a121da07fba2b20aeaa9856bd679d23df
                                                                  • Instruction ID: 4ab37d3fa7c9fdb582fe448a726573fe52a466e20a16ed51a879e3e0b2c8cc1e
                                                                  • Opcode Fuzzy Hash: 79a3bef5671be3ea62fc3f2afacbfa5a121da07fba2b20aeaa9856bd679d23df
                                                                  • Instruction Fuzzy Hash: 8951613621064086F762EF67F9817D97760F7ACBC4F444626FB4987AB6DB38D4818B40
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 1405656091-0
                                                                  • Opcode ID: 500d264b94c76e10bb7ad506ef0a555ed75bc66b43a59da6eb24dc754e51f7a2
                                                                  • Instruction ID: 28c35c292e486cd51e7828065e4e2486622d87188324d2f30eb372141ce4aa21
                                                                  • Opcode Fuzzy Hash: 500d264b94c76e10bb7ad506ef0a555ed75bc66b43a59da6eb24dc754e51f7a2
                                                                  • Instruction Fuzzy Hash: 1A81C7B3B012458BEB598F36D9417EC63A5E798BC8F049129EB0D8B7A9EB38D541C740
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: __std_exception_destroy
                                                                  • String ID: value
                                                                  • API String ID: 2453523683-494360628
                                                                  • Opcode ID: f3ab481adf26e7fc62f689a1b14253d57f24bd398a58451cc93ee0ee3af88f39
                                                                  • Instruction ID: 4157f297126a23fe588f45231007c796bee3a81a254ffe5b804a119b388bf979
                                                                  • Opcode Fuzzy Hash: f3ab481adf26e7fc62f689a1b14253d57f24bd398a58451cc93ee0ee3af88f39
                                                                  • Instruction Fuzzy Hash: 17028B72624BC085EB02DB76D4803ED6761E78A7E4F515222FB9E43AEADF78C185C700
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                  • String ID: [PID:
                                                                  • API String ID: 420147892-2210602247
                                                                  • Opcode ID: 0c950f8b155bc2ef1efead22239ab0028e84ac47bfa0f278c3d4f43e35984d4a
                                                                  • Instruction ID: cece93d552114422a5db79efb6cb5b095d6d34e54e317ad826c2fed787882349
                                                                  • Opcode Fuzzy Hash: 0c950f8b155bc2ef1efead22239ab0028e84ac47bfa0f278c3d4f43e35984d4a
                                                                  • Instruction Fuzzy Hash: 54E16172614BC085EB22DB26E8803DE77A5F7897A4F505216FB9D47BA9DF78C284C700
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                  • String ID:
                                                                  • API String ID: 3038321057-0
                                                                  • Opcode ID: 012d78ec9778671e051357f93a4634913505e7a4763b4c3b036141e78afb5143
                                                                  • Instruction ID: e6ed573dd5adc179a62c0c43ff1dd623381a8e6f68e1d36954cd8c9a6a60e3b9
                                                                  • Opcode Fuzzy Hash: 012d78ec9778671e051357f93a4634913505e7a4763b4c3b036141e78afb5143
                                                                  • Instruction Fuzzy Hash: 8E215C32218B8082E761CF22F45439AB7A0FB8DBD0F598125FB8947B68DF7DC5568B00
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Cred$EnumerateFree
                                                                  • String ID: cannot use push_back() with
                                                                  • API String ID: 3403564193-4122110429
                                                                  • Opcode ID: 10ff68bfcf696204dfea02bd2271975a172f589f5c10e72978e025579e9ae02f
                                                                  • Instruction ID: 15e837bc0680750b5105bb68f1ec756bb9003d5bb125d07902e424ac5bc16deb
                                                                  • Opcode Fuzzy Hash: 10ff68bfcf696204dfea02bd2271975a172f589f5c10e72978e025579e9ae02f
                                                                  • Instruction Fuzzy Hash: 34627D72614BC489EB228F26E8803DE7761F789798F504316EBAD57BA9DB74C294C700
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: InformationTimeZone
                                                                  • String ID: [UTC
                                                                  • API String ID: 565725191-1715286942
                                                                  • Opcode ID: dae8efce5d2530c78139cd26f997094fb4b1ed245d954789b40324fff528bad9
                                                                  • Instruction ID: 0f088bd619a210dec1cb0986f13bb44e3f6854156ff9e1ffbd8192f932ae259b
                                                                  • Opcode Fuzzy Hash: dae8efce5d2530c78139cd26f997094fb4b1ed245d954789b40324fff528bad9
                                                                  • Instruction Fuzzy Hash: 5CB12832614BC88AD7718F2AE84139AB7A5F79C788F105315EBCC57B69EB78C250CB44
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ExecuteFileModuleNameShell
                                                                  • String ID:
                                                                  • API String ID: 1703432166-0
                                                                  • Opcode ID: 8cf5c74d64a0911ccf009ca7f061b764517e4121d83dc6aa143f050b31a04890
                                                                  • Instruction ID: fcdc6028fe68c1de9c1d61a4c27d8a3d82f381935235dac80c5d4554a44c27d4
                                                                  • Opcode Fuzzy Hash: 8cf5c74d64a0911ccf009ca7f061b764517e4121d83dc6aa143f050b31a04890
                                                                  • Instruction Fuzzy Hash: AA121772625F848ADB418F2AE88079EB3A4F788788F506215FFDD57B69EB38C150C700
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CryptDataFreeLocalUnprotect
                                                                  • String ID:
                                                                  • API String ID: 1561624719-0
                                                                  • Opcode ID: 0f57a5f6f00cf3114cdad985b88ad97b4443b737a92ed5702ae11a0636d70846
                                                                  • Instruction ID: 7804563b8dd68e9e0661087fd5dbb69b584154c51fa0838d7a27f1f595743b83
                                                                  • Opcode Fuzzy Hash: 0f57a5f6f00cf3114cdad985b88ad97b4443b737a92ed5702ae11a0636d70846
                                                                  • Instruction Fuzzy Hash: FC416032614B80CAE3219F75E4403ED37A4F75978CF084229BB8907E9ADB79C6A4C758
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: NameUser
                                                                  • String ID:
                                                                  • API String ID: 2645101109-0
                                                                  • Opcode ID: e5988426a38de09ee6cf2dd1c57c0096c2fcff121a7d67ee165aa271772a2a34
                                                                  • Instruction ID: 4cc3c8844ba736298f8bd32032979993a0d240d019a900159361ccb08714f342
                                                                  • Opcode Fuzzy Hash: e5988426a38de09ee6cf2dd1c57c0096c2fcff121a7d67ee165aa271772a2a34
                                                                  • Instruction Fuzzy Hash: FC011B3261868082E762DF26E8513DAB3A4F79C7C8F441226FB8D47669DBBCC194CB40

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
                                                                  • String ID: &
                                                                  • API String ID: 1703174404-3042966939
                                                                  • Opcode ID: 0b8d952391a50375ef43d6746334d8a0080f61def9520b6ac6a34ec75f65a789
                                                                  • Instruction ID: 9499a8a96b76f9eeaec96d38e309a061bbf0e919148de72399f1f56bad800c58
                                                                  • Opcode Fuzzy Hash: 0b8d952391a50375ef43d6746334d8a0080f61def9520b6ac6a34ec75f65a789
                                                                  • Instruction Fuzzy Hash: EE911932200B819AEB229F22E8407D977B4F75CBD8F558217FB5957BA4DB38C995C380

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                                                  • String ID: geo$system
                                                                  • API String ID: 213021568-2364779556
                                                                  • Opcode ID: f4e87fcd7956cbe3016ebbdf261cfb37972362d5bb75c3155be231a23d4669a3
                                                                  • Instruction ID: a025bd78097a622ce99f6dd631d164278a997d1e4bf617748a8d7ff18237b3ae
                                                                  • Opcode Fuzzy Hash: f4e87fcd7956cbe3016ebbdf261cfb37972362d5bb75c3155be231a23d4669a3
                                                                  • Instruction Fuzzy Hash: BEB18D72B11A8095FB02DBB6D4803DC33B2AB9DB98F415216EB5927BF9DE38C546C340

                                                                  Control-flow Graph

                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  • Opcode ID: 9071ed9fea90e513551440adfc0d466023ce052b27686926662429a076c20654
                                                                  • Instruction ID: 89a76c2e7bd64f2e292d0171c67a85ad1a22fb2b88445312a06a55af962eb3af
                                                                  • Opcode Fuzzy Hash: 9071ed9fea90e513551440adfc0d466023ce052b27686926662429a076c20654
                                                                  • Instruction Fuzzy Hash: 2EC1F372218B8192EB629F57A4403FE7BA4F799BD4F594111FB4A077B1CFB8C8859700
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                                                  • String ID:
                                                                  • API String ID: 4268643673-0
                                                                  • Opcode ID: 311328e0c1a3d6f09e9d2e4e36d225c093cfd7f693314f7d25c72e43ed53fafa
                                                                  • Instruction ID: ccad471ceb86da12b8052557114d3172f4fe174a1baea1f974d0ccb94854474a
                                                                  • Opcode Fuzzy Hash: 311328e0c1a3d6f09e9d2e4e36d225c093cfd7f693314f7d25c72e43ed53fafa
                                                                  • Instruction Fuzzy Hash: 19112532511B5091EB169F26E84039D73B4FB48FA8F288216AB6E076B4CF39C897C350
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: recv$Cleanupclosesocket
                                                                  • String ID:
                                                                  • API String ID: 146070474-0
                                                                  • Opcode ID: e3529e4f086e916588a050fb794958e2ac0093eb24aceede0b4d9dbc2b460c77
                                                                  • Instruction ID: 2da43283a9dc6e515e407d9e93031c35698a04021dc8004dc304920df4a58cdd
                                                                  • Opcode Fuzzy Hash: e3529e4f086e916588a050fb794958e2ac0093eb24aceede0b4d9dbc2b460c77
                                                                  • Instruction Fuzzy Hash: 6E128D73618BC481EA229B26E4443DEA761F7DD7D0F505216EBAD47AEADF78C580CB00
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                  • String ID:
                                                                  • API String ID: 215268677-0
                                                                  • Opcode ID: 90ae23b39752d8e562d256ccd9c16a94bf4e7d6f39fa52c22aeb40f361b48fa7
                                                                  • Instruction ID: b5218933ea7703c7e048df4ba95b441abb8dda8107fd4ab30233c47b2b803c5e
                                                                  • Opcode Fuzzy Hash: 90ae23b39752d8e562d256ccd9c16a94bf4e7d6f39fa52c22aeb40f361b48fa7
                                                                  • Instruction Fuzzy Hash: 5211FB72219B8082E7519F16F84038AB7A0FB8DB80F559125FB9947B68CF3CC455CB40
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Value
                                                                  • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                  • API String ID: 3702945584-1787575317
                                                                  • Opcode ID: 45beb6f7e78784f3d9509a1d3ea3717a7d34e9a73ec6a4c6398bfce9d8be6136
                                                                  • Instruction ID: 0923dad602657fcfdd4189dd7accdda6bd0898d30bf99b6bbaeadf04a2d916fd
                                                                  • Opcode Fuzzy Hash: 45beb6f7e78784f3d9509a1d3ea3717a7d34e9a73ec6a4c6398bfce9d8be6136
                                                                  • Instruction Fuzzy Hash: 55115E32208B8082EB219F22F4413DAB3A4F79DB88F904215EB9C47B69DFBCC155CB40
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Cleanupclosesocketrecv
                                                                  • String ID:
                                                                  • API ID: CloseEnumOpen
                                                                  • String ID:
                                                                  • API ID: EnumOpen
                                                                  • String ID:
                                                                  • API ID: EnvironmentFreeStrings$Heap$AllocErrorLast
                                                                  • String ID:
                                                                  • API ID: CloseOpenQueryValue
                                                                  • String ID:
                                                                  • API ID: Info$User
                                                                  • String ID:
                                                                  • API ID: Process$CurrentExitTerminate
                                                                  • String ID:
                                                                  • API ID: Concurrency::cancel_current_task
                                                                  • String ID:
                                                                  • API ID: CurrentProfile
                                                                  • String ID: Unknown
                                                                  • API ID: Concurrency::cancel_current_task
                                                                  • String ID:
                                                                  • API ID: FolderFreeKnownPathTask
                                                                  • String ID:
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API ID: CloseOpen
                                                                  • String ID:
                                                                  • API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
                                                                  • String ID:
                                                                  • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                  • String ID:
                                                                  • API ID: CloseHandleMutexReleaserecv
                                                                  • String ID:
                                                                  • API ID: ErrorFileLastPointer
                                                                  • String ID:
                                                                  • API ID: CloseHandleMutexRelease
                                                                  • String ID:
                                                                  • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                  • String ID:
                                                                  • API ID: ErrorFreeHeapLast
                                                                  • String ID:
                                                                  • API ID: Concurrency::cancel_current_task
                                                                  • String ID:
                                                                  • API String ID: 118556049-0
                                                                  • API ID: __std_fs_directory_iterator_open
                                                                  • String ID:
                                                                  • API String ID: 4007087469-0
                                                                  • API ID: Concurrency::cancel_current_task
                                                                  • String ID:
                                                                  • API String ID: 118556049-0
                                                                  • API ID: Concurrency::cancel_current_task
                                                                  • String ID:
                                                                  • API String ID: 118556049-0
                                                                  • API ID: Concurrency::cancel_current_task
                                                                  • String ID:
                                                                  • API String ID: 118556049-0
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  • API ID: InformationVolume
                                                                  • String ID:
                                                                  • API String ID: 2039140958-0
                                                                  APIs
                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0000000140041A78
                                                                    • Part of subcall function 000000014002B820: __std_exception_copy.LIBVCRUNTIME ref: 000000014002B868
                                                                  • API ID: Concurrency::cancel_current_task__std_exception_copy
                                                                  • String ID:
                                                                  • API String ID: 317858897-0
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                  • String ID:
                                                                  • API String ID: 3947729631-0
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  • API ID: send
                                                                  • String ID:
                                                                  • API String ID: 2809346765-0
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  • API ID: FileFindNext
                                                                  • String ID:
                                                                  • API String ID: 2029273394-0
                                                                  • API ID: InfoNativeSystem
                                                                  • String ID:
                                                                  • API String ID: 1721193555-0
                                                                  • API ID: AllocHeap
                                                                  • String ID:
                                                                  • API String ID: 4292702814-0
                                                                  • API ID: AllocHeap
                                                                  • String ID:
                                                                  • API String ID: 4292702814-0
                                                                  • API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize
                                                                  • String ID: 0
                                                                  • API String ID: 1424456515-4108050209
                                                                  • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                                                                  • String ID:
                                                                  • API String ID: 2398595512-0
                                                                  • API ID: Handle$Query$CloseInformationProcessSystem$AddressCurrentFinalModuleNameObjectOpenPathProc
                                                                  • String ID: File$NtDuplicateObject$ntdll.dll
                                                                  • API String ID: 2729825427-3955674919
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Initialize
                                                                  • String ID: @
                                                                  • API String ID: 2538663250-2766056989
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ExecuteShell
                                                                  • String ID: .cmd$.exe$.exe$.ps1$.vbs$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas
                                                                  • API String ID: 587946157-4093014531
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Crypt$AlgorithmConcurrency::cancel_current_taskGenerateOpenPropertyProviderSymmetric
                                                                  • String ID: AES$ChainingMode$ChainingModeGCM
                                                                  • API String ID: 2222192889-1213888626
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: Find$CloseFile$FirstNext
                                                                  • String ID: *$.
                                                                  • API String ID: 1164774033-3886413389
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                                                  • String ID: utf8
                                                                  • API String ID: 3069159798-905460609
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                  • String ID:
                                                                  • API String ID: 2591520935-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                  • String ID:
                                                                  • API String ID: 3140674995-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                  • String ID:
                                                                  • API String ID: 3140674995-0
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: __std_exception_destroy
                                                                  • String ID: value
                                                                  • API String ID: 2453523683-494360628
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                  • String ID:
                                                                  • API String ID: 1239891234-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                  • String ID:
                                                                  • API String ID: 1239891234-0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Crypt$AlgorithmProvider$CloseGenerateOpenPropertySymmetric
                                                                  • String ID: content$filename$ios_base::badbit set
                                                                  • API String ID: 4024084497-879919306
                                                                  APIs
                                                                  Strings
                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00000001400BC147
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                  • API String ID: 389471666-631824599
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Virtual$AllocInfoProtectQuerySystem
                                                                  • String ID:
                                                                  • API String ID: 3562403962-0
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: FormatInfoLocaleMessage
                                                                  • String ID: !x-sys-default-locale
                                                                  • API String ID: 4235545615-2729719199
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 1791019856-0
                                                                  • Opcode ID: 673738c239811e8e6aaf94bb473114a5deef8476c39fa87607a7713143cb4c6a
                                                                  • Instruction ID: 9e1b7eb3e14f3d8ac36dcfc1f2b4f11521ad031e9c983c2225f320651a2be65f
                                                                  • Opcode Fuzzy Hash: 673738c239811e8e6aaf94bb473114a5deef8476c39fa87607a7713143cb4c6a
                                                                  • Instruction Fuzzy Hash: 6761C3722106419AEB368F12E940BED73A5F7A87C4F04C225EB9E976E1DB3CD591CB10
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: InfoLocale
                                                                  • String ID: GetLocaleInfoEx
                                                                  • API String ID: 2299586839-2904428671
                                                                  • Opcode ID: 2b548483d6ca9974e9528b0b11ada6c599aa6070ea1349b93d38a40a587da536
                                                                  • Instruction ID: faaad8ddc682d51d181ac9566c78053e2375318c11b0efb789bebad2f8088488
                                                                  • Opcode Fuzzy Hash: 2b548483d6ca9974e9528b0b11ada6c599aa6070ea1349b93d38a40a587da536
                                                                  • Instruction Fuzzy Hash: E8016D71704B8096EB469B57F4447DAA760EB9CBD0F584026FF4907BB9CE38C5428750
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CryptDecrypt
                                                                  • String ID:
                                                                  • API String ID: 2620231605-0
                                                                  • Opcode ID: 3f72a23f1a509a65aa81e6d6b4530ce515d9c6eb0a3b9f4af59a408d351eb8e9
                                                                  • Instruction ID: d84c1dc56733cdec245b05dd482f086fb593878f4377b85cef3af088a038052b
                                                                  • Opcode Fuzzy Hash: 3f72a23f1a509a65aa81e6d6b4530ce515d9c6eb0a3b9f4af59a408d351eb8e9
                                                                  • Instruction Fuzzy Hash: 1FB16872B08B809AEB12CB66E4507AD37B1F3497C8F008216EF5C17BA9DB79C599D340
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CryptDataFreeLocalUnprotect
                                                                  • String ID:
                                                                  • API String ID: 1561624719-0
                                                                  • Opcode ID: e459822f5a965e7c6491091ff3b3fd437f3160b492302602bf1c7777a9c0efb9
                                                                  • Instruction ID: 4a8dd4eae84605777de1b5a55a80b2e635676b3498c47d1070251cd38370cd5e
                                                                  • Opcode Fuzzy Hash: e459822f5a965e7c6491091ff3b3fd437f3160b492302602bf1c7777a9c0efb9
                                                                  • Instruction Fuzzy Hash: DB616932B14B809AF712DFB5E4503DD77A1E75978CF008229EB8917EAADB78C5A49340
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CryptDataFreeLocalProtect
                                                                  • String ID:
                                                                  • API String ID: 2714945720-0
                                                                  • Opcode ID: cb202edfd23743d2fd92808a2a0732f52d9921990abee17e7841283a167b08e9
                                                                  • Instruction ID: fc4154c7915ed78d34f09a56cb44b59f23928a8851b000cbb18bd55c4212d758
                                                                  • Opcode Fuzzy Hash: cb202edfd23743d2fd92808a2a0732f52d9921990abee17e7841283a167b08e9
                                                                  • Instruction Fuzzy Hash: A5414032614B80CAE3219F75E8403ED37A4F75878CF084229BB8917E9ADB79C6A4C754
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLastValue$InfoLocale
                                                                  • String ID:
                                                                  • API String ID: 673564084-0
                                                                  • Opcode ID: fded36e5e65a151f08a0f66363fda748c04ed3a24ba9da3fcc630165be26dd08
                                                                  • Instruction ID: 8cd3d3dfa80cbff10c7d00d3e39445a1fedefada0f8de76d674014353bb7882c
                                                                  • Opcode Fuzzy Hash: fded36e5e65a151f08a0f66363fda748c04ed3a24ba9da3fcc630165be26dd08
                                                                  • Instruction Fuzzy Hash: 8F31A23270468586EB69CB23E8417EE73A1F79C7C5F40C229AB4D833A6DF38D5918B00
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLast$EnumLocalesSystemValue
                                                                  • String ID:
                                                                  • API String ID: 3029459697-0
                                                                  • Opcode ID: 079d62a3b16f0b0a01b59833b99c059b9cb939bc8a4f10147e07732002005d14
                                                                  • Instruction ID: 46995d5bafc0c3402748cc3b4101f87f573535573610cbd06ba996400d9f120b
                                                                  • Opcode Fuzzy Hash: 079d62a3b16f0b0a01b59833b99c059b9cb939bc8a4f10147e07732002005d14
                                                                  • Instruction Fuzzy Hash: B411E473A146448AEB168F16D844BDC7BA0F3A4BE0F558216E719433E4DB38C5D1CB40
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLast$InfoLocaleValue
                                                                  • String ID:
                                                                  • API String ID: 3796814847-0
                                                                  • Opcode ID: f3e7ee2f1e66ffaf43a4bced11d96202e06a1caf3c24797c856a856d3c8d1eb4
                                                                  • Instruction ID: f16e9421c9f2d1d566c09731a7727aa721697d00e81b9315a0a2733411359802
                                                                  • Opcode Fuzzy Hash: f3e7ee2f1e66ffaf43a4bced11d96202e06a1caf3c24797c856a856d3c8d1eb4
                                                                  • Instruction Fuzzy Hash: F411A73271465183E77AC626A840F9E7261E79C7E4F548761E76D476E4DA36CCC18B00
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorLast$EnumLocalesSystemValue
                                                                  • String ID:
                                                                  • API String ID: 3029459697-0
                                                                  • Opcode ID: 74688f5bb3302222e7b7870a00f7552f5ce206872596a426f55045067d3bf4cb
                                                                  • Instruction ID: 93d18b90c9ad416a7767668315f223f5f191bc074b56e8ec44abd2766402557f
                                                                  • Opcode Fuzzy Hash: 74688f5bb3302222e7b7870a00f7552f5ce206872596a426f55045067d3bf4cb
                                                                  • Instruction Fuzzy Hash: 0101F77270428086E7264F17E840FDEB6E5E768BE4F45C322E769472E5DB7484C5CB00
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AlgorithmCloseCryptProvider
                                                                  • String ID:
                                                                  • API String ID: 3378198380-0
                                                                  • Opcode ID: 1c8b21d10fd9b400f35e2c8dd6f8ddd75c7af018214b600343906388e6c3a10d
                                                                  • Instruction ID: 900497187b3b4a0feb06abdb1ee795e4bdb6587cd79a1e1914cdb7c24f71ecd3
                                                                  • Opcode Fuzzy Hash: 1c8b21d10fd9b400f35e2c8dd6f8ddd75c7af018214b600343906388e6c3a10d
                                                                  • Instruction Fuzzy Hash: 3601C2B2700A8491EB159B22D4147AD2361E74CFC8F944411EF4D076A9EF7DC8958380
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: EnumLocalesSystem
                                                                  • String ID:
                                                                  • API String ID: 2099609381-0
                                                                  • Opcode ID: 12efd337fa0535e7eae3a7ae34cc0435095ae515fa5323edd15366a4afb89750
                                                                  • Instruction ID: af0fca8f4bd2b2ee9942c1d59f6fd3f147f5c30faaa08c128de7f41e83c5a0a7
                                                                  • Opcode Fuzzy Hash: 12efd337fa0535e7eae3a7ae34cc0435095ae515fa5323edd15366a4afb89750
                                                                  • Instruction Fuzzy Hash: 01F032B2300B4083E705DB6AE8917D963A2F7ADBC0F158129EB4987379DE3CC9A1C740
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CloseHandle$Process32Token$InformationNextOpenProcess$ConvertCreateErrorFirstLastSnapshotStringToolhelp32
                                                                  • String ID:
                                                                  • API String ID: 3925315391-0
                                                                  • Opcode ID: 7edf554f1bf2a2b69477646fe94745f43607bc3d76044443717152cf58783ea9
                                                                  • Instruction ID: f53f4db26f8ffbc74954225dbf8234fb85c2b61d4e8944f31e63d5fabcb49364
                                                                  • Opcode Fuzzy Hash: 7edf554f1bf2a2b69477646fe94745f43607bc3d76044443717152cf58783ea9
                                                                  • Instruction Fuzzy Hash: 66813736214B8182FB529B27E84479EA7A4FB8CBD4F404125EF8A57BA8DF7CC545CB00
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: No closed word$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                                                  • API String ID: 0-2700065129
                                                                  • Opcode ID: b9eb38c5ab060a2dda8520568620628a99a67b8189105732fd21080a6df660b0
                                                                  • Instruction ID: f9c7333ff1f4887109b71b21fa7058ec3d63239c43aa84505dd9f7712b489e47
                                                                  • Opcode Fuzzy Hash: b9eb38c5ab060a2dda8520568620628a99a67b8189105732fd21080a6df660b0
                                                                  • Instruction Fuzzy Hash: 0BB11071601AC6A5EB72DF21DC917D833A4F759388F415216E74C4B9B9EF74C689C700
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID: 0$0$0
                                                                  • API String ID: 3215553584-3137946472
                                                                  • Opcode ID: 4b936a4394e80428ad7bf41d875096a3e7add69c0315c25dc0869b4c3066c4ac
                                                                  • Instruction ID: 3ec9a172ff9cd9a56723fab73356c2b78239a766e83f6ecce63c72710ed58d98
                                                                  • Opcode Fuzzy Hash: 4b936a4394e80428ad7bf41d875096a3e7add69c0315c25dc0869b4c3066c4ac
                                                                  • Instruction Fuzzy Hash: 55E1D3335056D58AF7629F2A94903ED3BA5F35ABC4F588022FB85477F2C7398A5AC301
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                  • String ID: bad locale name$false$true
                                                                  • API String ID: 164343898-1062449267
                                                                  • Opcode ID: 89e8eebeb0e5851c78bde8427c4241be1561912327ea848c90b167f0a42bcdf2
                                                                  • Instruction ID: 9f833d7ac4b076529d01c46f3f154de4dc3d8a729371acaec3c7ca5394b3b07c
                                                                  • Opcode Fuzzy Hash: 89e8eebeb0e5851c78bde8427c4241be1561912327ea848c90b167f0a42bcdf2
                                                                  • Instruction Fuzzy Hash: F7711B32702B408AEB16DFB2D4503EC37B6EB58788F144129EB4967BA9DB38C515D344
                                                                  APIs
                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF608079B6C,?,?,00000000,00007FF60807BCDB,?,?,?,00007FF608076809), ref: 00007FF608079D18
                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF608079B6C,?,?,00000000,00007FF60807BCDB,?,?,?,00007FF608076809), ref: 00007FF608079D24
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: AddressFreeLibraryProc
                                                                  • String ID: MZx$api-ms-$ext-ms-
                                                                  • API String ID: 3013587201-2431898299
                                                                  • Opcode ID: a5097e6e42886596c98c0385f634c4aef1c640e8f28c7c219958798091b78743
                                                                  • Instruction ID: 6fd1967041e5f9ac08e2058ea3befd94d2f68fe26977aff1880d968d81d546cd
                                                                  • Opcode Fuzzy Hash: a5097e6e42886596c98c0385f634c4aef1c640e8f28c7c219958798091b78743
                                                                  • Instruction Fuzzy Hash: EE41DE22F19A0281FB1ACB36981467527D6BF88BA0F294535DD0ECB7C5EE3CE445830C
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Session$ListProcess$CurrentRegisterResourcesStart
                                                                  • String ID:
                                                                  • API String ID: 3299295986-0
                                                                  • Opcode ID: d42b2751b4845f6e5fc378a235a32170e364fb9c24da67feea4ad67c232641f0
                                                                  • Instruction ID: 3625db88a6373b96de9670bab8ed7edf633392ac4bb2a85a491946533c032ab6
                                                                  • Opcode Fuzzy Hash: d42b2751b4845f6e5fc378a235a32170e364fb9c24da67feea4ad67c232641f0
                                                                  • Instruction Fuzzy Hash: A6512A32B10A418AF725CFA6E4507DD33B1B74C7D8F90452AEE0A63BA8DE38C906C750
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                  • String ID: csm$csm$csm
                                                                  • API String ID: 849930591-393685449
                                                                  • Opcode ID: 0099af5d98ffdce3721754b948236ddbf4b8c0d9695b8f044c3694728437dd46
                                                                  • Instruction ID: 0483e54aeef2c64c825c9004a58d5a2173fd8f2e2b30ed2dd8654dcbb403186f
                                                                  • Opcode Fuzzy Hash: 0099af5d98ffdce3721754b948236ddbf4b8c0d9695b8f044c3694728437dd46
                                                                  • Instruction Fuzzy Hash: B5D17C72E08B418AEB60DB7594453AD7BA0FB55788F204235EA4E97BD6CF3CE091C748
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                  • String ID: csm$csm$csm
                                                                  • API String ID: 849930591-393685449
                                                                  • Opcode ID: 66fcb54f63042a77bb9752ac00b10eb6a43643c2f85347937ebb7186689712c3
                                                                  • Instruction ID: 2dddcf81e393266e6dd364431a01f1ce124f9e37c2573fe0043309711653aeb7
                                                                  • Opcode Fuzzy Hash: 66fcb54f63042a77bb9752ac00b10eb6a43643c2f85347937ebb7186689712c3
                                                                  • Instruction Fuzzy Hash: 9BD14A72A04B808AEB22DFA694413DD77B0F759BD8F104216EF8957BA6DF38D491CB00
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: FileModuleName
                                                                  • String ID: @$U$h
                                                                  • API String ID: 514040917-1769436074
                                                                  • Opcode ID: 30403d80bbda924b6a9616881aacd3132cf0f86eb79a681510f7f61da3fc2d23
                                                                  • Instruction ID: 73dede853b80022d941c14f30a05cf942b3246729e164447ce475acf2b1ecb3c
                                                                  • Opcode Fuzzy Hash: 30403d80bbda924b6a9616881aacd3132cf0f86eb79a681510f7f61da3fc2d23
                                                                  • Instruction Fuzzy Hash: 79711F76A08BC5C1DA60CB55F4503AEB760FBC9B94F504026EA8E87BA9DF7CD045CB08
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AddressFreeLibraryProc
                                                                  • String ID: api-ms-$ext-ms-
                                                                  • API String ID: 3013587201-537541572
                                                                  • Opcode ID: 2932ed60a38164b99968e515f80e2e6bc9311783d2898aba8cd640b210738e5b
                                                                  • Instruction ID: 8b663572d4e9df061dfb5452e7c122c2f59b72ac8eb05063979d288c5e28a2e1
                                                                  • Opcode Fuzzy Hash: 2932ed60a38164b99968e515f80e2e6bc9311783d2898aba8cd640b210738e5b
                                                                  • Instruction Fuzzy Hash: 7641C4B1721B1082FA17DB17A914BDA27D5BB4DBE0F4A4529FF098B7A4DE3CD4868300
                                                                  APIs
                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF60807D72E,?,?,?,00007FF6080798A4,?,?,?,00007FF6080764AD), ref: 00007FF60807D7E1
                                                                  • GetLastError.KERNEL32(?,?,?,00007FF60807D72E,?,?,?,00007FF6080798A4,?,?,?,00007FF6080764AD), ref: 00007FF60807D7EF
                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF60807D72E,?,?,?,00007FF6080798A4,?,?,?,00007FF6080764AD), ref: 00007FF60807D819
                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF60807D72E,?,?,?,00007FF6080798A4,?,?,?,00007FF6080764AD), ref: 00007FF60807D887
                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF60807D72E,?,?,?,00007FF6080798A4,?,?,?,00007FF6080764AD), ref: 00007FF60807D893
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                  • String ID: MZx$api-ms-
                                                                  • API String ID: 2559590344-259127448
                                                                  • Opcode ID: 5289a04243e8a248cb5820b37202154a20ba6c64b1fa020b3a1c062f1bb2b80b
                                                                  • Instruction ID: ca621fca396683ac0bf48e700c8205065d8e3701cfb6f3f92027ede6ba597763
                                                                  • Opcode Fuzzy Hash: 5289a04243e8a248cb5820b37202154a20ba6c64b1fa020b3a1c062f1bb2b80b
                                                                  • Instruction Fuzzy Hash: F6319E21F1AB4281FE56DB62A8006756298BF48BB0F690535DD2E8A7D5EE7CE441830C
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Internet$CloseFileHandleOpenRead
                                                                  • String ID: File Downloader
                                                                  • API String ID: 4038090926-3631955488
                                                                  • Opcode ID: ef0b4a100551ad57f85878d3ad68814330c2d85b7b679f70ec8f93c3db496011
                                                                  • Instruction ID: 0399ce1682de07f0aa1206abe99c22717857691dc5a833c9d493158f508467bf
                                                                  • Opcode Fuzzy Hash: ef0b4a100551ad57f85878d3ad68814330c2d85b7b679f70ec8f93c3db496011
                                                                  • Instruction Fuzzy Hash: C5316732214B8082EB218F26F85479AB3A0FB89BC4F585115FF8943B69DF7DC5928B00
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID: f$p$p
                                                                  • API String ID: 3215553584-1995029353
                                                                  • Opcode ID: eea83e675726579202ae46558f478e57f494447b85c4049c91ddb9471f815998
                                                                  • Instruction ID: b8dc3e9cdc22bec2f5ab832ac5804bf8a86bae0c64d7de0205dfc1d31eeff702
                                                                  • Opcode Fuzzy Hash: eea83e675726579202ae46558f478e57f494447b85c4049c91ddb9471f815998
                                                                  • Instruction Fuzzy Hash: 4F12B27260924286FB26AF17E0547FEB6A1F3587D4FD94116F79247AE4D738C980CB10
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                  • String ID: api-ms-
                                                                  • API String ID: 2559590344-2084034818
                                                                  • Opcode ID: 996ade3048ece8fd6c5d5c54d4ec564cddc8ae1be39e9acb717a9eca008d3d5f
                                                                  • Instruction ID: cc2d99b39676e9a48d292cfa973c6d7b264006a7d65043fdb1f58a40d0113fec
                                                                  • Opcode Fuzzy Hash: 996ade3048ece8fd6c5d5c54d4ec564cddc8ae1be39e9acb717a9eca008d3d5f
                                                                  • Instruction Fuzzy Hash: 8C315A31312A4092EE279F97A90479923A4BB5CBE4F4A4525FE2A4B7B4EF38D446C350
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Value$ErrorLast
                                                                  • String ID:
                                                                  • API String ID: 2506987500-0
                                                                  • Opcode ID: 836497dfc4d51253c0b26693416316fb41dfea5a35bfeb46f288bec0a731183c
                                                                  • Instruction ID: 4b4d8deacd497249436f39071c19fb311b5fdefea0622a1cc046aa47ab187ae1
                                                                  • Opcode Fuzzy Hash: 836497dfc4d51253c0b26693416316fb41dfea5a35bfeb46f288bec0a731183c
                                                                  • Instruction Fuzzy Hash: 2921937070824042FA6767775A927EE52928B4C7F0F544B28BF3657BF6DE38C4524B01
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                  • String ID: CONOUT$
                                                                  • API String ID: 3230265001-3130406586
                                                                  • Opcode ID: eccb84783a33b6acb2369927ad856cb4a6f1e39df1dbbcb1c74e1911e2e9c731
                                                                  • Instruction ID: 57cead7593419f7ad3ff2c2afd2dc33a8854c90de71cdc5fdc2022e34017f072
                                                                  • Opcode Fuzzy Hash: eccb84783a33b6acb2369927ad856cb4a6f1e39df1dbbcb1c74e1911e2e9c731
                                                                  • Instruction Fuzzy Hash: 78115421718B42C6E754CBA2E844729A7A0FB88BE4F284234D95EC7B94DFBCD5448748
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                  • String ID: CONOUT$
                                                                  • API String ID: 3230265001-3130406586
                                                                  • Opcode ID: 423033ad9a26eeb1fe2838e88a30b5d5e8e126e9df3eade86433f6e59bd70d34
                                                                  • Instruction ID: dccac7cf86dd691c8986e58b5ea5a29b4595da972c7e7c068490d770517f9d1c
                                                                  • Opcode Fuzzy Hash: 423033ad9a26eeb1fe2838e88a30b5d5e8e126e9df3eade86433f6e59bd70d34
                                                                  • Instruction Fuzzy Hash: 23116A31714A8086E7628B57E8543A9A7A0FB9CFE4F444228FF5A87BA4DF7CC9458740
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ByteCharMultiWide$CompareInfoString
                                                                  • String ID:
                                                                  • API String ID: 2984826149-0
                                                                  • Opcode ID: a1f78f492e3696b6019f48ed1e7001af74d1872a9e55038d413a28a56ba35231
                                                                  • Instruction ID: bcf1b6b93dcecc1946cad78135b827772f34e8b074e1d02fcb1409f9e20e2999
                                                                  • Opcode Fuzzy Hash: a1f78f492e3696b6019f48ed1e7001af74d1872a9e55038d413a28a56ba35231
                                                                  • Instruction Fuzzy Hash: D5A1C172210A8086FB329FA6D4547ED77A1E74CBE8F584621FB690B7E5EB78C9458300
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ByteCharMultiStringWide
                                                                  • String ID:
                                                                  • API String ID: 2829165498-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                  • String ID: csm$csm$csm
                                                                  • API String ID: 3523768491-393685449
                                                                  APIs
                                                                  • GetLastError.KERNEL32 ref: 0000000140098933
                                                                  • FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,0000000140093731,?,?,?,?,000000014009BCBC), ref: 0000000140098969
                                                                  • FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,0000000140093731,?,?,?,?,000000014009BCBC), ref: 0000000140098996
                                                                  • FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,0000000140093731,?,?,?,?,000000014009BCBC), ref: 00000001400989A7
                                                                  • FlsSetValue.KERNEL32(?,?,-2723E8D8DEBC5093,0000000140093731,?,?,?,?,000000014009BCBC), ref: 00000001400989B8
                                                                  • SetLastError.KERNEL32 ref: 00000001400989D3
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Value$ErrorLast
                                                                  • String ID:
                                                                  • API String ID: 2506987500-0
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                  • String ID: MZx
                                                                  • API String ID: 2718003287-2575928145
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: __std_exception_destroy$ApisFile__std_fs_code_page
                                                                  • String ID: ", "$: "
                                                                  • API String ID: 741338541-747220369
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                  • API String ID: 4061214504-1276376045
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                  • API String ID: 4061214504-1276376045
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AdjustPointer
                                                                  • String ID:
                                                                  • API String ID: 1740715915-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _set_statfp
                                                                  • String ID:
                                                                  • API String ID: 1156100317-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: _set_statfp
                                                                  • String ID:
                                                                  • API String ID: 1156100317-0
                                                                  APIs
                                                                  • FlsGetValue.KERNEL32(?,?,?,00000001400967B7,?,?,00000000,0000000140096A52,?,?,?,?,-2723E8D8DEBC5093,00000001400969DE), ref: 0000000140098A0B
                                                                  • FlsSetValue.KERNEL32(?,?,?,00000001400967B7,?,?,00000000,0000000140096A52,?,?,?,?,-2723E8D8DEBC5093,00000001400969DE), ref: 0000000140098A2A
                                                                  • FlsSetValue.KERNEL32(?,?,?,00000001400967B7,?,?,00000000,0000000140096A52,?,?,?,?,-2723E8D8DEBC5093,00000001400969DE), ref: 0000000140098A52
                                                                  • FlsSetValue.KERNEL32(?,?,?,00000001400967B7,?,?,00000000,0000000140096A52,?,?,?,?,-2723E8D8DEBC5093,00000001400969DE), ref: 0000000140098A63
                                                                  • FlsSetValue.KERNEL32(?,?,?,00000001400967B7,?,?,00000000,0000000140096A52,?,?,?,?,-2723E8D8DEBC5093,00000001400969DE), ref: 0000000140098A74
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Value
                                                                  • String ID:
                                                                  • API String ID: 3702945584-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: Value
                                                                  • String ID:
                                                                  • API String ID: 3702945584-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Value
                                                                  • String ID:
                                                                  • API String ID: 3702945584-0
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
                                                                  • String ID: bad locale name
                                                                  • API String ID: 1287851536-1405518554
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                  • API String ID: 3215553584-1196891531
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CallEncodePointerTranslator
                                                                  • String ID: MOC$RCC
                                                                  • API String ID: 3544855599-2084237596
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                  • String ID: csm
                                                                  • API String ID: 2395640692-1018135373
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                  • String ID: csm$csm
                                                                  • API String ID: 3896166516-3733052814
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: CallEncodePointerTranslator
                                                                  • String ID: MOC$RCC
                                                                  • API String ID: 3544855599-2084237596
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                  • String ID: csm$csm
                                                                  • API String ID: 3896166516-3733052814
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CallEncodePointerTranslator
                                                                  • String ID: MOC$RCC
                                                                  • API String ID: 3544855599-2084237596
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: __std_exception_destroy
                                                                  • String ID: at line $, column
                                                                  • API String ID: 2453523683-191570568
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
                                                                  • String ID: bad locale name
                                                                  • API String ID: 1612978173-1405518554
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Open
                                                                  • String ID: ?
                                                                  • API String ID: 71445658-1684325040
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                  • String ID: MZx
                                                                  • API String ID: 3251591375-2575928145
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: AddressHandleModuleProc
                                                                  • String ID: GetTempPath2W$kernel32.dll
                                                                  • API String ID: 1646373207-1846531799
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Process32$CloseHandleImpersonateLoggedNextOpenProcessUser$CreateFirstRevertSelfSnapshotTokenToolhelp32
                                                                  • String ID:
                                                                  • API String ID: 1562318730-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                  • String ID:
                                                                  • API String ID: 2718003287-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ConsoleErrorLastMode
                                                                  • String ID:
                                                                  • API String ID: 953036326-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: ConsoleErrorLastMode
                                                                  • String ID:
                                                                  • API String ID: 953036326-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: AdjustPointer
                                                                  • String ID:
                                                                  • API String ID: 1740715915-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: EnvironmentInitStringStringsUnicode$Free
                                                                  • String ID:
                                                                  • API String ID: 2488768755-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
                                                                  • String ID:
                                                                  • API String ID: 3698853521-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _invalid_parameter_noinfo
                                                                  • String ID:
                                                                  • API String ID: 3215553584-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                  • String ID:
                                                                  • API String ID: 1168246061-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                  • String ID:
                                                                  • API String ID: 1168246061-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                                                  • String ID:
                                                                  • API String ID: 1168246061-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ByteCharErrorLastMultiWide
                                                                  • String ID:
                                                                  • API String ID: 203985260-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Handle$AddressAttributesCloseErrorFeatureFileLastModulePresentProcProcessor__std_fs_open_handle
                                                                  • String ID:
                                                                  • API String ID: 156590933-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                  • String ID:
                                                                  • API String ID: 2933794660-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                  • String ID:
                                                                  • API String ID: 2933794660-0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: [json.exception.
                                                                  • API String ID: 0-791563284
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: __except_validate_context_record
                                                                  • String ID: csm$csm
                                                                  • API String ID: 1467352782-3733052814
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: Unwind__except_validate_context_record
                                                                  • String ID: csm
                                                                  • API String ID: 2208346422-1018135373
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                  • String ID: bad locale name
                                                                  • API String ID: 3988782225-1405518554
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                  • String ID: bad locale name
                                                                  • API String ID: 3988782225-1405518554
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                  • String ID: ?
                                                                  • API String ID: 1286766494-1684325040
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: CreateFrameInfo__except_validate_context_record
                                                                  • String ID: csm
                                                                  • API String ID: 2558813199-1018135373
                                                                  • Opcode ID: 30dd612b4e4b9212e9166655247be16b5f23695bfc4863c6a6ebc2986465c29c
                                                                  • Instruction ID: 3dac7b5d3b0d881bcd455e3888886abadacebbcbcc28f580a094f6440ece58b6
                                                                  • Opcode Fuzzy Hash: 30dd612b4e4b9212e9166655247be16b5f23695bfc4863c6a6ebc2986465c29c
                                                                  • Instruction Fuzzy Hash: AB510677615B4086E661AF66E4403AE77B4F38DBD0F540225AF890BB66CF38D4A2CB00
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorFileLastWrite
                                                                  • String ID: U
                                                                  • API String ID: 442123175-4171548499
                                                                  • Opcode ID: 4a2143aea001407eb2cc82c9df801d17e9c15ad72bb50a2a20f8f3de8da8662b
                                                                  • Instruction ID: e5fa4db588a15c04eaa171f03ee741d8df3e0027dc38ee080bc088217e56b635
                                                                  • Opcode Fuzzy Hash: 4a2143aea001407eb2cc82c9df801d17e9c15ad72bb50a2a20f8f3de8da8662b
                                                                  • Instruction Fuzzy Hash: 0B41B262B19B4185EB20CF35E4443A967A0FB98B94FA44031EE4EC7798DF7CD442C748
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ErrorFileLastWrite
                                                                  • String ID: U
                                                                  • API String ID: 442123175-4171548499
                                                                  • Opcode ID: 7b6b0220355e4baf3ced440fd77bc49a04f673044c496e04ac13764c72edacc7
                                                                  • Instruction ID: e6320d284cb9a528543140e404914897430357409d217e9d910f130c428e9124
                                                                  • Opcode Fuzzy Hash: 7b6b0220355e4baf3ced440fd77bc49a04f673044c496e04ac13764c72edacc7
                                                                  • Instruction Fuzzy Hash: 44419F72214A8082DB219F26E4443EA77A1F798BD4F414121EF4D877A8EB7CC441CB40
                                                                  APIs
                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF608074E57), ref: 00007FF608075A30
                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF608074E57), ref: 00007FF608075A71
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1850766765.00007FF608071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF608070000, based on PE: true
                                                                  • Associated: 00000001.00000002.1850748372.00007FF608070000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608083000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850791471.00007FF608387000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850961285.00007FF60838D000.00000008.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF60838F000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1850982029.00007FF608392000.00000002.00000001.01000000.00000003.sdmp
                                                                  • Associated: 00000001.00000002.1851024617.00007FF608394000.00000002.00000001.01000000.00000003.sdmp
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_7ff608070000_soft 1.jbxd
                                                                  Similarity
                                                                  • API ID: ExceptionFileHeaderRaise
                                                                  • String ID: csm
                                                                  • API String ID: 2573137834-1018135373
                                                                  • Opcode ID: 967fbbe814c9c1e701ed63cdd0d532d980ddcea8b093fe1b68fbd27a0b08e2d1
                                                                  • Instruction ID: 3663f0858507ac6a770d823c2188b2fb1595d4125fae17c7c3bd45300161abc4
                                                                  • Opcode Fuzzy Hash: 967fbbe814c9c1e701ed63cdd0d532d980ddcea8b093fe1b68fbd27a0b08e2d1
                                                                  • Instruction Fuzzy Hash: 20116032A18B8182EB20CF25F840259B7E5FB88B94F684230DE8D47759DF3CD551C704
                                                                  APIs
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000001.00000002.1849529317.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_1_2_140000000_soft 1.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID: ExceptionFileHeaderRaise
                                                                  • String ID: csm
                                                                  • API String ID: 2573137834-1018135373
                                                                  • Opcode ID: 8fa98aa95e9aae2a90a459b42b1f704c9c51d3f3bc5b4355a873c03fa23ea9e8
                                                                  • Instruction ID: 2cd2fca06ac07b3d24a383fcaf9b1e00f30e6730416406c57118f0930f6fa0f4
                                                                  • Opcode Fuzzy Hash: 8fa98aa95e9aae2a90a459b42b1f704c9c51d3f3bc5b4355a873c03fa23ea9e8
                                                                  • Instruction Fuzzy Hash: 8011D736219B8082EB628F26E44039D77E5FB98BD4F584225EB8D07768DF3CC5918B40